Patch for BUG#31111: --read-only crashes MySQL (events fail to load).

There actually were several problems here: - WRITE-lock is required to load events from the mysql.event table, but in the read-only mode an ordinary user can not acquire it; - Security_context::master_access attribute was not properly initialized in Security_context::init(), which led to differences in behavior with and without debug configure options. - if the server failed to load events from mysql.event, it forgot to close the mysql.event table, that led to the coredump, described in the bug report. The patch is to fix all these problems: - Use the super-user to acquire WRITE-lock on the mysql.even table; - The WRITE-lock is acquired by the event scheduler in two cases: - on initial loading of events from the database; - when an event has been executed, so its attributes should be updated. Other cases when WRITE-lock is needed for the mysql.event table happen under the user account. So, nothing should be changed there for the read-only mode. The user is able to create/update/drop an event only if he is a super-user. - Initialize Security_context::master_access; - Close the mysql.event table in case something went wrong. mysql-test/r/events_bugs.result: Update result file. mysql-test/t/events_bugs.test: A test case for BUG#31111: --read-only crashes MySQL (events fail to load). sql/event_data_objects.cc: When the worker thread is going to drop event after the execution we should do it under the super-user privileges in order to be able to lock the mysql.event table for writing in the read-only mode. This is a system operation, where user SQL can not be executed. So, there is no risk in compromising security by dropping an event under the super-user privileges. sql/event_db_repository.cc: 1. Close tables if something went wrong in simple_open_n_lock_tables(); 2. As soon as the system event scheduler thread is running under the super-user privileges, we should always be able to acquire WRITE-lock on the mysql.event table. However, let's have an assert to check this. sql/event_scheduler.cc: Run the system event scheduler thread under the super-user privileges. In particular, this is needed to be able to lock the mysql.event table for writing when the server is running in the read-only mode. The event scheduler executes only system operations and does not execute user SQL (this is what the worker threads for). So, there is no risk in compromising security by running the event scheduler under the super-user privileges. sql/events.cc: Open the mysql.event table as the super user to be able to acquire WRITE-lock in the read-only mode. sql/sql_class.cc: Initialize Security_context::master_acces.
2025-08-08 11:22:35 +03:00 · 2007-10-19 19:57:08 +04:00
parent b0488a3203
commit 66cd6d0c8f
7 changed files with 360 additions and 16 deletions
--- a/sql/event_data_objects.cc
+++ b/sql/event_data_objects.cc
@@ -2017,6 +2017,7 @@ end_no_lex_start:
      ret= 1;
    else
    {
+      ulong saved_master_access;
      /*
        Peculiar initialization order is a crutch to avoid races in SHOW
        PROCESSLIST which reads thd->{query/query_length} without a mutex.
@@ -2024,8 +2025,19 @@ end_no_lex_start:
      thd->query_length= 0;
      thd->query= sp_sql.c_ptr_safe();
      thd->query_length= sp_sql.length();
-      if (Events::drop_event(thd, dbname, name, FALSE))
-        ret= 1;
+
+      /*
+        NOTE: even if we run in read-only mode, we should be able to lock
+        the mysql.event table for writing. In order to achieve this, we
+        should call mysql_lock_tables() under the super-user.
+      */
+
+      saved_master_access= thd->security_ctx->master_access;
+      thd->security_ctx->master_access |= SUPER_ACL;
+
+      ret= Events::drop_event(thd, dbname, name, FALSE);
+
+      thd->security_ctx->master_access= saved_master_access;
    }
  }
 #ifndef NO_EMBEDDED_ACCESS_CHECKS