1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BUG#31611 (Security risk with BINLOG statement):

Browse Source 
Adding check that the user executing a BINLOG statement has SUPER
privileges and aborting execution of the statement with an error
otherwise.
This commit is contained in:
mats@kindahl-laptop.dnsalias.net 2007-11-03 01:33:48 +01:00
parent 0b59871b83
commit c0138b94f0
3 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
mysql-test/r/mysqlbinlog.result
View File

@ -328,4 +328,26 @@ drop table t1;
drop table t1; drop table t1;
End of 5.0 tests End of 5.0 tests
flush logs; flush logs;
BUG#31611: Security risk with BINLOG statement
SET BINLOG_FORMAT=ROW;
CREATE DATABASE mysqltest1;
CREATE USER untrusted@localhost;
GRANT SELECT ON mysqltest1.* TO untrusted@localhost;
SHOW GRANTS FOR untrusted@localhost;
Grants for untrusted@localhost
GRANT USAGE ON *.* TO 'untrusted'@'localhost'
GRANT SELECT ON `mysqltest1`.* TO 'untrusted'@'localhost'
USE mysqltest1;
CREATE TABLE t1 (a INT, b CHAR(64));
flush logs;
INSERT INTO t1 VALUES (1,USER());
flush logs;
mysqlbinlog var/log/master-bin.000017 > var/tmp/bug31611.sql
mysql mysqltest1 -uuntrusted < var/tmp/bug31611.sql
INSERT INTO t1 VALUES (1,USER());
ERROR 42000: INSERT command denied to user 'untrusted'@'localhost' for table 't1'
SELECT * FROM t1;
a b
1 root@localhost
DROP DATABASE mysqltest1;
End of 5.1 tests End of 5.1 tests

27
mysql-test/t/mysqlbinlog.test
View File

@ -250,4 +250,31 @@ flush logs;
--exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null --exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null
--exec $MYSQL_BINLOG --force-if-open $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null --exec $MYSQL_BINLOG --force-if-open $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null
--echo BUG#31611: Security risk with BINLOG statement
SET BINLOG_FORMAT=ROW;
CREATE DATABASE mysqltest1;
CREATE USER untrusted@localhost;
GRANT SELECT ON mysqltest1.* TO untrusted@localhost;
SHOW GRANTS FOR untrusted@localhost;
USE mysqltest1;
CREATE TABLE t1 (a INT, b CHAR(64));
flush logs;
INSERT INTO t1 VALUES (1,USER());
flush logs;
echo mysqlbinlog var/log/master-bin.000017 > var/tmp/bug31611.sql;
exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000017 > $MYSQLTEST_VARDIR/tmp/bug31611.sql;
connect (unsecure,localhost,untrusted,,mysqltest1);
echo mysql mysqltest1 -uuntrusted < var/tmp/bug31611.sql;
error 1;
exec $MYSQL mysqltest1 -uuntrusted < $MYSQLTEST_VARDIR/tmp/bug31611.sql;
connection unsecure;
error ER_TABLEACCESS_DENIED_ERROR;
INSERT INTO t1 VALUES (1,USER());
SELECT * FROM t1;
connection default;
DROP DATABASE mysqltest1;
--echo End of 5.1 tests --echo End of 5.1 tests

6
sql/sql_binlog.cc
View File

@ -37,6 +37,12 @@ void mysql_client_binlog_statement(THD* thd)
thd->lex->comment.length : 2048), thd->lex->comment.length : 2048),
thd->lex->comment.str)); thd->lex->comment.str));
if (check_global_access(thd, SUPER_ACL))
{
my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER");
DBUG_VOID_RETURN;
}
/* /*
Temporarily turn off send_ok, since different events handle this Temporarily turn off send_ok, since different events handle this
differently differently