Skip to content

M
MariaDB
Commit c0138b94 authored by mats@kindahl-laptop.dnsalias.net's avatar mats@kindahl-laptop.dnsalias.net
Browse files
Options

BUG#31611 (Security risk with BINLOG statement): 

Adding check that the user executing a BINLOG statement has SUPER
privileges and aborting execution of the statement with an error
otherwise.
parent 0b59871b
Hide whitespace changes
Inline Side-by-side
Showing with 55 additions and 0 deletions
mysql-test/r/mysqlbinlog.result
View file @ c0138b94
...@@ -328,4 +328,26 @@ drop table t1; ...@@ -328,4 +328,26 @@ drop table t1;
drop table t1; drop table t1;
End of 5.0 tests End of 5.0 tests
flush logs; flush logs;
BUG#31611: Security risk with BINLOG statement
SET BINLOG_FORMAT=ROW;
CREATE DATABASE mysqltest1;
CREATE USER untrusted@localhost;
GRANT SELECT ON mysqltest1.* TO untrusted@localhost;
SHOW GRANTS FOR untrusted@localhost;
Grants for untrusted@localhost
GRANT USAGE ON *.* TO 'untrusted'@'localhost'
GRANT SELECT ON `mysqltest1`.* TO 'untrusted'@'localhost'
USE mysqltest1;
CREATE TABLE t1 (a INT, b CHAR(64));
flush logs;
INSERT INTO t1 VALUES (1,USER());
flush logs;
mysqlbinlog var/log/master-bin.000017 > var/tmp/bug31611.sql
mysql mysqltest1 -uuntrusted < var/tmp/bug31611.sql
INSERT INTO t1 VALUES (1,USER());
ERROR 42000: INSERT command denied to user 'untrusted'@'localhost' for table 't1'
SELECT * FROM t1;
a b
1 root@localhost
DROP DATABASE mysqltest1;
End of 5.1 tests End of 5.1 tests
mysql-test/t/mysqlbinlog.test
View file @ c0138b94
...@@ -250,4 +250,31 @@ flush logs; ...@@ -250,4 +250,31 @@ flush logs;
--exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null --exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null
--exec $MYSQL_BINLOG --force-if-open $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null --exec $MYSQL_BINLOG --force-if-open $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null
--echo BUG#31611: Security risk with BINLOG statement
SET BINLOG_FORMAT=ROW;
CREATE DATABASE mysqltest1;
CREATE USER untrusted@localhost;
GRANT SELECT ON mysqltest1.* TO untrusted@localhost;
SHOW GRANTS FOR untrusted@localhost;
USE mysqltest1;
CREATE TABLE t1 (a INT, b CHAR(64));
flush logs;
INSERT INTO t1 VALUES (1,USER());
flush logs;
echo mysqlbinlog var/log/master-bin.000017 > var/tmp/bug31611.sql;
exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000017 > $MYSQLTEST_VARDIR/tmp/bug31611.sql;
connect (unsecure,localhost,untrusted,,mysqltest1);
echo mysql mysqltest1 -uuntrusted < var/tmp/bug31611.sql;
error 1;
exec $MYSQL mysqltest1 -uuntrusted < $MYSQLTEST_VARDIR/tmp/bug31611.sql;
connection unsecure;
error ER_TABLEACCESS_DENIED_ERROR;
INSERT INTO t1 VALUES (1,USER());
SELECT * FROM t1;
connection default;
DROP DATABASE mysqltest1;
--echo End of 5.1 tests --echo End of 5.1 tests
sql/sql_binlog.cc
View file @ c0138b94
...@@ -37,6 +37,12 @@ void mysql_client_binlog_statement(THD* thd) ...@@ -37,6 +37,12 @@ void mysql_client_binlog_statement(THD* thd)
thd->lex->comment.length : 2048), thd->lex->comment.length : 2048),
thd->lex->comment.str)); thd->lex->comment.str));
if (check_global_access(thd, SUPER_ACL))
{
my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER");
DBUG_VOID_RETURN;
}
/* /*
Temporarily turn off send_ok, since different events handle this Temporarily turn off send_ok, since different events handle this
differently differently
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7