Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
bafe7f60
Commit
bafe7f60
authored
Mar 25, 2009
by
Tatiana A. Nurnberg
Browse files
Options
Browse Files
Download
Plain Diff
Bug#43748: crash when non-super user tries to kill the replication threads
manual merge. also adds test specific to 5.1+
parents
921e3fe8
de8042d0
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
76 additions
and
1 deletion
+76
-1
mysql-test/suite/rpl/r/rpl_temporary.result
mysql-test/suite/rpl/r/rpl_temporary.result
+10
-0
mysql-test/suite/rpl/t/rpl_temporary.test
mysql-test/suite/rpl/t/rpl_temporary.test
+38
-0
sql/sql_class.cc
sql/sql_class.cc
+8
-0
sql/sql_class.h
sql/sql_class.h
+1
-0
sql/sql_parse.cc
sql/sql_parse.cc
+19
-1
No files found.
mysql-test/suite/rpl/r/rpl_temporary.result
View file @
bafe7f60
...
...
@@ -108,3 +108,13 @@ select * from t1;
a
1
drop table t1;
Bug#43748
make a non-privileged user on slave.
FLUSH PRIVILEGES;
GRANT USAGE ON *.* TO user43748@127.0.0.1 IDENTIFIED BY 'meow';
try to KILL system-thread as non-privileged user.
KILL `select id from information_schema.processlist where command='Binlog Dump'`;
ERROR HY000: You are not owner of thread `select id from information_schema.processlist where command='Binlog Dump'`
throw out test-user on slave.
DROP USER user43748@127.0.0.1;
done. back to master.
mysql-test/suite/rpl/t/rpl_temporary.test
View file @
bafe7f60
...
...
@@ -222,4 +222,42 @@ drop table t1;
# Delete the anonymous users
source
include
/
delete_anonymous_users
.
inc
;
#
# Bug#43748: crash when non-super user tries to kill the replication threads
#
--
echo
Bug
#43748
connection
slave
;
--
echo
make
a
non
-
privileged
user
on
slave
.
FLUSH
PRIVILEGES
;
GRANT
USAGE
ON
*.*
TO
user43748
@
127.0
.
0.1
IDENTIFIED
BY
'meow'
;
let
$id
=
`SELECT id FROM information_schema.processlist WHERE user='system user' LIMIT 1`
;
connect
(
cont43748
,
127.0
.
0.1
,
user43748
,
meow
,
test
,
$SLAVE_MYPORT
,);
connection
cont43748
;
--
echo
try
to
KILL
system
-
thread
as
non
-
privileged
user
.
--
replace_result
$id
"`select id from information_schema.processlist where command='Binlog Dump'`"
--
error
ER_KILL_DENIED_ERROR
eval
KILL
$id
;
disconnect
cont43748
;
connection
slave
;
--
echo
throw
out
test
-
user
on
slave
.
DROP
USER
user43748
@
127.0
.
0.1
;
connection
master
;
--
echo
done
.
back
to
master
.
# End of tests
sql/sql_class.cc
View file @
bafe7f60
...
...
@@ -2805,6 +2805,14 @@ Security_context::restore_security_context(THD *thd,
}
#endif
bool
Security_context
::
user_matches
(
Security_context
*
them
)
{
return
((
user
!=
NULL
)
&&
(
them
->
user
!=
NULL
)
&&
!
strcmp
(
user
,
them
->
user
));
}
/****************************************************************************
Handling of open and locked tables states.
...
...
sql/sql_class.h
View file @
bafe7f60
...
...
@@ -813,6 +813,7 @@ public:
void
restore_security_context
(
THD
*
thd
,
Security_context
*
backup
);
#endif
bool
user_matches
(
Security_context
*
);
};
...
...
sql/sql_parse.cc
View file @
bafe7f60
...
...
@@ -6890,8 +6890,26 @@ uint kill_one_thread(THD *thd, ulong id, bool only_kill_query)
VOID
(
pthread_mutex_unlock
(
&
LOCK_thread_count
));
if
(
tmp
)
{
/*
If we're SUPER, we can KILL anything, including system-threads.
No further checks.
KILLer: thd->security_ctx->user could in theory be NULL while
we're still in "unauthenticated" state. This is a theoretical
case (the code suggests this could happen, so we play it safe).
KILLee: tmp->security_ctx->user will be NULL for system threads.
We need to check so Jane Random User doesn't crash the server
when trying to kill a) system threads or b) unauthenticated users'
threads (Bug#43748).
If user of both killer and killee are non-NULL, proceed with
slayage if both are string-equal.
*/
if
((
thd
->
security_ctx
->
master_access
&
SUPER_ACL
)
||
!
strcmp
(
thd
->
security_ctx
->
user
,
tmp
->
security_ctx
->
user
))
thd
->
security_ctx
->
user_matches
(
tmp
->
security_ctx
))
{
tmp
->
awake
(
only_kill_query
?
THD
::
KILL_QUERY
:
THD
::
KILL_CONNECTION
);
error
=
0
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment