author | unknown <mats@kindahl-laptop.dnsalias.net> | 2007-11-03 01:33:48 +0100 |
---|---|---|
committer | unknown <mats@kindahl-laptop.dnsalias.net> | 2007-11-03 01:33:48 +0100 |
commit | b835c18a80bd1a45464f154047b3f359713da230 (patch) | |
tree | 161905296667a7dd1bedf93245edcd75ff7668b3 /sql/sql_binlog.cc | |
parent | e34c130441582fab253577cde4cacfaf58d0b1bd (diff) | |
download | mariadb-git-b835c18a80bd1a45464f154047b3f359713da230.tar.gz |
BUG#31611 (Security risk with BINLOG statement):
Adding check that the user executing a BINLOG statement has SUPER
privileges and aborting execution of the statement with an error
otherwise.
mysql-test/r/mysqlbinlog.result:
Result change.
mysql-test/t/mysqlbinlog.test:
Adding test that generates a BINLOG command for inserting data into a
table and feeds the BINLOG statement into the database as an untrusted
user. Also checking that insertion into the table fails for that user
and that the table only contains a single line: the original one inserted.
sql/sql_binlog.cc:
Adding a check that the executor of the BINLOG command has
SUPER privileges, giving an error and aborting execution if not.
Diffstat (limited to 'sql/sql_binlog.cc')
-rw-r--r-- | sql/sql_binlog.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sql/sql_binlog.cc b/sql/sql_binlog.cc index 87224b8eea0..95eea9f20fa 100644 --- a/sql/sql_binlog.cc +++ b/sql/sql_binlog.cc @@ -37,6 +37,12 @@ void mysql_client_binlog_statement(THD* thd) thd->lex->comment.length : 2048), thd->lex->comment.str)); + if (check_global_access(thd, SUPER_ACL)) + { + my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER"); + DBUG_VOID_RETURN; + } + /* Temporarily turn off send_ok, since different events handle this differently |
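Review bot: in the added `if (check_global_access(thd, SUPER_ACL))` block, check whether `check_global_access` already raises the access-denied error itself when it returns non-zero; if it does, the explicit `my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER")` reports the same error a second time and can be dropped, leaving only `DBUG_VOID_RETURN`. The block also deserves a one-line comment saying why BINLOG requires SUPER (the commit message cites BUG#31611), since nothing in the function explains it. The check sits after the call that is passed `thd->lex->comment.str`, so the statement text is still handed to that call for an unprivileged user; moving the check to the top of `mysql_client_binlog_statement` would reject the statement before anything touches its payload. Returning before the "Temporarily turn off send_ok" section is the right place for the early exit, since no state needs restoring on the error path.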