BUG#31611 (Security risk with BINLOG statement):
Adding check that the user executing a BINLOG statement has SUPER privileges and aborting execution of the statement with an error otherwise.
This commit is contained in:
parent
0b59871b83
commit
c0138b94f0
@ -328,4 +328,26 @@ drop table t1;
|
||||
drop table t1;
|
||||
End of 5.0 tests
|
||||
flush logs;
|
||||
BUG#31611: Security risk with BINLOG statement
|
||||
SET BINLOG_FORMAT=ROW;
|
||||
CREATE DATABASE mysqltest1;
|
||||
CREATE USER untrusted@localhost;
|
||||
GRANT SELECT ON mysqltest1.* TO untrusted@localhost;
|
||||
SHOW GRANTS FOR untrusted@localhost;
|
||||
Grants for untrusted@localhost
|
||||
GRANT USAGE ON *.* TO 'untrusted'@'localhost'
|
||||
GRANT SELECT ON `mysqltest1`.* TO 'untrusted'@'localhost'
|
||||
USE mysqltest1;
|
||||
CREATE TABLE t1 (a INT, b CHAR(64));
|
||||
flush logs;
|
||||
INSERT INTO t1 VALUES (1,USER());
|
||||
flush logs;
|
||||
mysqlbinlog var/log/master-bin.000017 > var/tmp/bug31611.sql
|
||||
mysql mysqltest1 -uuntrusted < var/tmp/bug31611.sql
|
||||
INSERT INTO t1 VALUES (1,USER());
|
||||
ERROR 42000: INSERT command denied to user 'untrusted'@'localhost' for table 't1'
|
||||
SELECT * FROM t1;
|
||||
a b
|
||||
1 root@localhost
|
||||
DROP DATABASE mysqltest1;
|
||||
End of 5.1 tests
|
||||
|
@ -250,4 +250,31 @@ flush logs;
|
||||
--exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null
|
||||
--exec $MYSQL_BINLOG --force-if-open $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null
|
||||
|
||||
--echo BUG#31611: Security risk with BINLOG statement
|
||||
|
||||
SET BINLOG_FORMAT=ROW;
|
||||
CREATE DATABASE mysqltest1;
|
||||
CREATE USER untrusted@localhost;
|
||||
GRANT SELECT ON mysqltest1.* TO untrusted@localhost;
|
||||
|
||||
SHOW GRANTS FOR untrusted@localhost;
|
||||
USE mysqltest1;
|
||||
CREATE TABLE t1 (a INT, b CHAR(64));
|
||||
flush logs;
|
||||
INSERT INTO t1 VALUES (1,USER());
|
||||
flush logs;
|
||||
echo mysqlbinlog var/log/master-bin.000017 > var/tmp/bug31611.sql;
|
||||
exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000017 > $MYSQLTEST_VARDIR/tmp/bug31611.sql;
|
||||
connect (unsecure,localhost,untrusted,,mysqltest1);
|
||||
echo mysql mysqltest1 -uuntrusted < var/tmp/bug31611.sql;
|
||||
error 1;
|
||||
exec $MYSQL mysqltest1 -uuntrusted < $MYSQLTEST_VARDIR/tmp/bug31611.sql;
|
||||
connection unsecure;
|
||||
error ER_TABLEACCESS_DENIED_ERROR;
|
||||
INSERT INTO t1 VALUES (1,USER());
|
||||
|
||||
SELECT * FROM t1;
|
||||
connection default;
|
||||
DROP DATABASE mysqltest1;
|
||||
|
||||
--echo End of 5.1 tests
|
||||
|
@ -37,6 +37,12 @@ void mysql_client_binlog_statement(THD* thd)
|
||||
thd->lex->comment.length : 2048),
|
||||
thd->lex->comment.str));
|
||||
|
||||
if (check_global_access(thd, SUPER_ACL))
|
||||
{
|
||||
my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER");
|
||||
DBUG_VOID_RETURN;
|
||||
}
|
||||
|
||||
/*
|
||||
Temporarily turn off send_ok, since different events handle this
|
||||
differently
|
||||
|
Loading…
x
Reference in New Issue
Block a user