    BUG#49124 Security issue with /*!-versioned */ SQL statements on Slave · 12c6d1f3
    unknown authored
    Backport to 5.0.
    
    /*![:version:] Query Code */, where [:version:] is a sequence of 5
    digits representing the MySQL server version (e.g. /*!50200 ... */),
    is a special comment; the query in it can be executed on those
    servers whose versions are larger than the version appearing in the
    comment. It leads to a security issue when the slave's version is larger
    than the master's. A malicious user can improve his privileges on slaves,
    because the slave SQL thread is running with SUPER privileges, so it can
    execute queries that he/she does not have privileges for on the master.
          
    This bug is fixed with the logic below:
    - Replace '!' with ' ' in the magic comments which are not applied on
      the master, so they become common comments and will not be applied on
      the slave.
          
    - Example:
      'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/
       will be binlogged as
      'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /* 99999 ,(3)*/
sql_parse.cc 246 KB
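
The rewrite rule from the commit message, as an added C++ example; it is not the code from sql_parse.cc or from the MySQL project. The function name `neutralize_for_binlog` and the master version 50088 are hypothetical, and `--` and `#` line comments are not handled.

```cpp
#include <cctype>
#include <cstdlib>
#include <iostream>
#include <string>

// Hypothetical helper, not MySQL's own function: returns the text to binlog.
// A /*!NNNNN ... */ comment with NNNNN above master_version was skipped on the
// master, so its '!' becomes ' ' and a newer slave will skip it as well.
std::string neutralize_for_binlog(const std::string &query,
                                  unsigned long master_version) {
  std::string out = query;
  char quote = 0;  // active quote character, 0 outside a literal/identifier
  for (std::size_t i = 0; i < out.size(); ++i) {
    const char c = out[i];
    if (quote) {  // never rewrite inside '...', "..." or `...`
      if (c == '\\' && quote != '`') ++i;  // skip a backslash-escaped char
      else if (c == quote) quote = 0;
      continue;
    }
    if (c == '\'' || c == '"' || c == '`') { quote = c; continue; }
    if (out.compare(i, 2, "/*") != 0) continue;
    bool skipped = true;  // a plain /* ... */ comment is skipped everywhere
    if (out.compare(i, 3, "/*!") == 0) {
      std::size_t n = 0;  // count of version digits, five make a version
      while (n < 5 && i + 3 + n < out.size() &&
             std::isdigit(static_cast<unsigned char>(out[i + 3 + n]))) ++n;
      skipped = n == 5 && std::strtoul(out.substr(i + 3, 5).c_str(),
                                       nullptr, 10) > master_version;
      if (skipped) out[i + 2] = ' ';  // now an ordinary comment
    }
    if (!skipped) { i += 2; continue; }  // body is live SQL, keep scanning it
    const std::size_t end = out.find("*/", i + 2);
    if (end == std::string::npos) break;  // unterminated comment
    i = end + 1;
  }
  return out;
}

int main() {
  // Query from the commit message; 50088 is a constructed master version.
  std::cout << neutralize_for_binlog(
      "INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/", 50088)
            << "\n";
}
```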