authorunknown <mats@kindahl-laptop.dnsalias.net>2007-11-03 01:33:48 +0100
committerunknown <mats@kindahl-laptop.dnsalias.net>2007-11-03 01:33:48 +0100
commitb835c18a80bd1a45464f154047b3f359713da230 (patch)
tree161905296667a7dd1bedf93245edcd75ff7668b3 /mysql-test/t/mysqlbinlog.test
parente34c130441582fab253577cde4cacfaf58d0b1bd (diff)
downloadmariadb-git-b835c18a80bd1a45464f154047b3f359713da230.tar.gz
BUG#31611 (Security risk with BINLOG statement):
Adding a check that the user executing a BINLOG statement has SUPER privileges and aborting execution of the statement with an error otherwise. mysql-test/r/mysqlbinlog.result: Result change. mysql-test/t/mysqlbinlog.test: Adding a test that generates a BINLOG command for inserting data into a table and feeds the BINLOG statement into the database as an untrusted user. Also checking that insertion into the table fails for that user and that the table contains only a single line: the original one inserted. sql/sql_binlog.cc: Adding a check that the executor of the BINLOG command has SUPER privileges, giving an error and aborting execution if not.
Diffstat (limited to 'mysql-test/t/mysqlbinlog.test')
-rw-r--r--mysql-test/t/mysqlbinlog.test27
1 files changed, 27 insertions, 0 deletions
diff --git a/mysql-test/t/mysqlbinlog.test b/mysql-test/t/mysqlbinlog.test
index 25bd9a402ae..8635bbfab87 100644
--- a/mysql-test/t/mysqlbinlog.test
+++ b/mysql-test/t/mysqlbinlog.test
@@ -250,4 +250,31 @@ flush logs;
--exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null
--exec $MYSQL_BINLOG --force-if-open $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null
+--echo BUG#31611: Security risk with BINLOG statement
+
+SET BINLOG_FORMAT=ROW;
+CREATE DATABASE mysqltest1;
+CREATE USER untrusted@localhost;
+GRANT SELECT ON mysqltest1.* TO untrusted@localhost;
+
+SHOW GRANTS FOR untrusted@localhost;
+USE mysqltest1;
+CREATE TABLE t1 (a INT, b CHAR(64));
+flush logs;
+INSERT INTO t1 VALUES (1,USER());
+flush logs;
+echo mysqlbinlog var/log/master-bin.000017 > var/tmp/bug31611.sql;
+exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000017 > $MYSQLTEST_VARDIR/tmp/bug31611.sql;
+connect (unsecure,localhost,untrusted,,mysqltest1);
+echo mysql mysqltest1 -uuntrusted < var/tmp/bug31611.sql;
+error 1;
+exec $MYSQL mysqltest1 -uuntrusted < $MYSQLTEST_VARDIR/tmp/bug31611.sql;
+connection unsecure;
+error ER_TABLEACCESS_DENIED_ERROR;
+INSERT INTO t1 VALUES (1,USER());
+
+SELECT * FROM t1;
+connection default;
+DROP DATABASE mysqltest1;
+
--echo End of 5.1 tests
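Review bot: The cleanup at the end of the added block runs only `DROP DATABASE mysqltest1;`, so the passwordless account `untrusted@localhost` and the `unsecure` connection outlive this test case and remain on the server for whatever runs next. After `connection default;` add `disconnect unsecure;` and `DROP USER untrusted@localhost;`, and delete the generated `bug31611.sql` from the tmp directory. Separately, `error 1;` pins only the client's exit status, which any failing statement in the replayed file would also produce. The closing `SELECT * FROM t1` shows that no row was added, but not that the SUPER check on BINLOG was the reason, so consider capturing the client's error output so the result file records which error fired.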