diff options
| author | Georgi Kodinov <joro@sun.com> | 2009-03-25 15:37:21 +0200 |
|---|---|---|
| committer | Georgi Kodinov <joro@sun.com> | 2009-03-25 15:37:21 +0200 |
| commit | 9536bd657b2c6d3228009189c7c17a028342b8f5 (patch) | |
| tree | 755a493a146fd0903659860f90b251eb73a8dc9e /sql/sp_head.cc | |
| parent | 79ad0a2c93a5be4cd6fd53dc9a7aa2dd5757ede8 (diff) | |
| download | mariadb-git-9536bd657b2c6d3228009189c7c17a028342b8f5.tar.gz | |
Bug#43748: crash when non-super user tries to kill the replication threads
(Pushing for Azundris)
We allow security-contexts with NULL users (for
system-threads and for unauthenticated users).
If a non-SUPER-user tried to KILL such a thread,
we tried to compare the user-fields to see whether
they owned that thread. Comparing against NULL was
not a good idea.
If KILLer does not have SUPER-privilege, we
specifically check whether both KILLer and KILLee
have a non-NULL user before testing for string-
equality. If either is NULL, we reject the KILL.
mysql-test/r/rpl_temporary.result:
Try to have a non-SUPER user KILL a system thread.
mysql-test/t/rpl_temporary.test:
Try to have a non-SUPER user KILL a system thread.
sql/sql_parse.cc:
Make sure security contexts of both KILLer *and*
KILLee are non-NULL before testing for string-equality!
Diffstat (limited to 'sql/sp_head.cc')
0 files changed, 0 insertions, 0 deletions