From b835c18a80bd1a45464f154047b3f359713da230 Mon Sep 17 00:00:00 2001
From: unknown <mats@kindahl-laptop.dnsalias.net>
Date: Sat, 3 Nov 2007 01:33:48 +0100
Subject: BUG#31611 (Security risk with BINLOG statement):

Adding check that the user executing a BINLOG statement has SUPER
privileges and aborting execution of the statement with an error
otherwise.


mysql-test/r/mysqlbinlog.result:
  Result change.
mysql-test/t/mysqlbinlog.test:
  Adding test that generates a BINLOG command for inserting data into a
  table and feed the BINLOG statement into the database as an untrusted
  user. Also checking that insertion into the table fails for that user
  and that the table only contain a single line: the original one inserted.
sql/sql_binlog.cc:
  Adding a check that the executor of the BINLOG command has
  SUPER privileges and give an error and abort execution if not.
---
 sql/sql_binlog.cc | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'sql')

diff --git a/sql/sql_binlog.cc b/sql/sql_binlog.cc
index 87224b8eea0..95eea9f20fa 100644
--- a/sql/sql_binlog.cc
+++ b/sql/sql_binlog.cc
@@ -37,6 +37,12 @@ void mysql_client_binlog_statement(THD* thd)
                             thd->lex->comment.length : 2048),
                      thd->lex->comment.str));
 
+  if (check_global_access(thd, SUPER_ACL))
+  {
+    my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER");
+    DBUG_VOID_RETURN;
+  }
+
   /*
     Temporarily turn off send_ok, since different events handle this
     differently
-- 
cgit v1.2.1


From cda4afc2bfbd508ab189eedb1c0dfbe4861533b4 Mon Sep 17 00:00:00 2001
From: unknown <mats@kindahl-laptop.dnsalias.net>
Date: Mon, 5 Nov 2007 14:24:20 +0100
Subject: BUG#31611 (Security risk with BINLOG statement):

Incremental patch to remove redundant, but benign, my_error() call.


sql/sql_binlog.cc:
  Removing redundant error reporting.
---
 sql/sql_binlog.cc | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'sql')

diff --git a/sql/sql_binlog.cc b/sql/sql_binlog.cc
index 95eea9f20fa..ee78c244fe4 100644
--- a/sql/sql_binlog.cc
+++ b/sql/sql_binlog.cc
@@ -38,10 +38,7 @@ void mysql_client_binlog_statement(THD* thd)
                      thd->lex->comment.str));
 
   if (check_global_access(thd, SUPER_ACL))
-  {
-    my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER");
     DBUG_VOID_RETURN;
-  }
 
   /*
     Temporarily turn off send_ok, since different events handle this
-- 
cgit v1.2.1