Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

plan, privilege:fix load data privilege check (#16607) #16736

Merged
merged 2 commits into from
Apr 26, 2020
Merged

plan, privilege:fix load data privilege check (#16607) #16736

merged 2 commits into from
Apr 26, 2020

Conversation

sre-bot
Copy link
Contributor

@sre-bot sre-bot commented Apr 22, 2020

cherry-pick #16607 to release-3.0

What problem does this PR solve?

Issue Number: close tidb-challenge-program/bug-hunting-issue#33

Problem Summary:
LOAD DATA doesn't check privilege, any user could write data into table by using load data.

What is changed and how it works?

What's Changed:
TiDB currently just support LOAD DATA LOCAL, according to mysql document, this function nee INSERT privilege for table.

How it Works:
Check INSERT privilege when building LOAD DATA plan

Related changes

  • Need to cherry-pick to the release branch

Check List

Tests

  • Unit test

Side effects

  • Breaking backward compatibility

Release note

@sre-bot
Copy link
Contributor Author

sre-bot commented Apr 22, 2020

/run-all-tests

@sre-bot sre-bot mentioned this pull request Apr 22, 2020
Merged
@sre-bot sre-bot added this to the v3.0.14 milestone Apr 22, 2020
zz-jason
zz-jason reviewed Apr 23, 2020
View reviewed changes
Copy link
Member

@zz-jason zz-jason left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@zz-jason zz-jason added the status/LGT1 Indicates that a PR has LGTM 1. label Apr 23, 2020
@tiancaiamao tiancaiamao added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Apr 23, 2020
@tiancaiamao
Copy link
Contributor

LGTM

jackysp
jackysp approved these changes Apr 26, 2020
View reviewed changes
Copy link
Member

@jackysp jackysp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jackysp
Copy link
Member

jackysp commented Apr 26, 2020

/merge

@sre-bot sre-bot added the status/can-merge Indicates a PR has been approved by a committer. label Apr 26, 2020
@sre-bot
Copy link
Contributor Author

sre-bot commented Apr 26, 2020

/run-all-tests

@sre-bot sre-bot merged commit 409560d into pingcap:release-3.0 Apr 26, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zz-jason zz-jason zz-jason left review comments

@jackysp jackysp jackysp approved these changes

@cfzjywxk cfzjywxk Awaiting requested review from cfzjywxk

@francis0407 francis0407 Awaiting requested review from francis0407

@tiancaiamao tiancaiamao Awaiting requested review from tiancaiamao

Assignees

@imtbkcat imtbkcat

Labels
component/privilege status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2. type/bugfix This PR fixes a bug. type/3.0-cherry-pick
Projects
None yet
Milestone
v3.0.14
Development

Successfully merging this pull request may close these issues.
5 participants
@sre-bot @tiancaiamao @jackysp @zz-jason @imtbkcat