diff options
| author | <Li-Bing.Song@sun.com> | 2010-07-29 11:00:57 +0800 |
|---|---|---|
| committer | <Li-Bing.Song@sun.com> | 2010-07-29 11:00:57 +0800 |
| commit | 2ad690fdf8a1141be8439a7e2d53974a0d3ec923 (patch) | |
| tree | 49835843b47b50726e5c3eb2fde225851827a677 /sql/mysql_priv.h | |
| parent | f860873c0d1a16b85388f7d02c5bd2d201087513 (diff) | |
| download | mariadb-git-2ad690fdf8a1141be8439a7e2d53974a0d3ec923.tar.gz | |
BUG#49124 Security issue with /*!-versioned */ SQL statements on Slave
/*![:version:] Query Code */, where [:version:] is a sequence of 5
digits representing the mysql server version(e.g /*!50200 ... */),
is a special comment that the query in it can be executed on those
servers whose versions are larger than the version appearing in the
comment. It leads to a security issue when slave's version is larger
than master's. A malicious user can improve his privileges on slaves.
Because slave SQL thread is running with SUPER privileges, so it can
execute queries that he/she does not have privileges on master.
This bug is fixed with the logic below:
- To replace '!' with ' ' in the magic comments which are not applied on
master. So they become common comments and will not be applied on slave.
- Example:
'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/
will be binlogged as
'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /* 99999 ,(3)*/
Diffstat (limited to 'sql/mysql_priv.h')
| -rw-r--r-- | sql/mysql_priv.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h index 88f3763ef50..9f2c0b04f2c 100644 --- a/sql/mysql_priv.h +++ b/sql/mysql_priv.h @@ -1024,7 +1024,7 @@ bool mysql_opt_change_db(THD *thd, bool force_switch, bool *cur_db_changed); -void mysql_parse(THD *thd, const char *inBuf, uint length, +void mysql_parse(THD *thd, char *rawbuf, uint length, const char ** semicolon); bool mysql_test_parse_for_slave(THD *thd,char *inBuf,uint length); |