• kroki/tomash@moonlight.intranet's avatar
    Bug#18630: Arguments of suid routine calculated in wrong security · 4272d1ef
    kroki/tomash@moonlight.intranet authored
               context.
    
    Routine arguments were evaluated in the security context of the routine
    itself, not in the caller's context.
    
    The bug is fixed the following way:
    
      - Item_func_sp::find_and_check_access() has been split into two
        functions: Item_func_sp::find_and_check_access() itself only
        finds the function and check that the caller have EXECUTE privilege
        on it.  New function set_routine_security_ctx() changes security
        context for SUID routines and checks that definer have EXECUTE
        privilege too.
    
      - new function sp_head::execute_trigger() is called from
        Table_triggers_list::process_triggers() instead of
        sp_head::execute_function(), and is effectively just as the
        sp_head::execute_function() is, with all non-trigger related code
        removed, and added trigger-specific security context switch.
    
      - call to Item_func_sp::find_and_check_access() stays outside
        of sp_head::execute_function(), and there is a code in
        sql_parse.cc before the call to sp_head::execute_procedure() that
        checks that the caller have EXECUTE privilege, but both
        sp_head::execute_function() and sp_head::execute_procedure() call
        set_routine_security_ctx() after evaluating their parameters,
        and restore the context after the body is executed.
    4272d1ef
sp_head.h 28 KB