diff options
| author | Daniel Fischer <df@sun.com> | 2009-04-30 12:16:50 +0200 |
|---|---|---|
| committer | Daniel Fischer <df@sun.com> | 2009-04-30 12:16:50 +0200 |
| commit | 80d982eb9867b33ebe2f5d0e64d4dae2fa9487d3 (patch) | |
| tree | 6ac3a990fe12639594c70a4dc045abb4d730fdee | |
| parent | 5d2a6c475ad189998db37569bdd8335e1bb1ce85 (diff) | |
| download | mariadb-git-80d982eb9867b33ebe2f5d0e64d4dae2fa9487d3.tar.gz | |
backport #43748, applying commits 70359 and 70377
| -rw-r--r-- | sql/sql_class.cc | 7 | ||||
| -rw-r--r-- | sql/sql_class.h | 1 | ||||
| -rw-r--r-- | sql/sql_parse.cc | 20 |
3 files changed, 27 insertions, 1 deletions
diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 883291ec460..ed68d7fad54 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -2125,6 +2125,13 @@ void Security_context::skip_grants() } +bool Security_context::user_matches(Security_context *them) +{ + return ((user != NULL) && (them->user != NULL) && + !strcmp(user, them->user)); +} + + /**************************************************************************** Handling of open and locked tables states. diff --git a/sql/sql_class.h b/sql/sql_class.h index c8d42d44df7..6316aca444d 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h @@ -978,6 +978,7 @@ public: { return (*priv_host ? priv_host : (char *)"%"); } + bool user_matches(Security_context *); }; diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 91c5cacc4d0..23761b400f0 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -7339,8 +7339,26 @@ void kill_one_thread(THD *thd, ulong id, bool only_kill_query) VOID(pthread_mutex_unlock(&LOCK_thread_count)); if (tmp) { + + /* + If we're SUPER, we can KILL anything, including system-threads. + No further checks. + + KILLer: thd->security_ctx->user could in theory be NULL while + we're still in "unauthenticated" state. This is a theoretical + case (the code suggests this could happen, so we play it safe). + + KILLee: tmp->security_ctx->user will be NULL for system threads. + We need to check so Jane Random User doesn't crash the server + when trying to kill a) system threads or b) unauthenticated users' + threads (Bug#43748). + + If user of both killer and killee are non-NULL, proceed with + slayage if both are string-equal. + */ + if ((thd->security_ctx->master_access & SUPER_ACL) || - !strcmp(thd->security_ctx->user, tmp->security_ctx->user)) + thd->security_ctx->user_matches(tmp->security_ctx)) { tmp->awake(only_kill_query ? THD::KILL_QUERY : THD::KILL_CONNECTION); error=0; |