Bug #39106:

SUPER is not required to change binlog format for session A user without SUPER privileges can change the value of the session variable BINLOG_FORMAT, causing problems for a DBA. This changeset requires a user to have SUPER privileges to change the value of the session variable BINLOG_FORMAT, and not only the global variable BINLOG_FORMAT.
2026-01-06 05:22:24 +03:00 · 2008-09-09 12:19:31 +02:00
parent 9b8aa4683b
commit 69a8281c41
4 changed files with 104 additions and 0 deletions
--- a/mysql-test/suite/binlog/r/binlog_grant.result
+++ b/mysql-test/suite/binlog/r/binlog_grant.result
@@ -0,0 +1,28 @@
+reset master;
+set @saved_binlog_format = @@global.binlog_format;
+create user mysqltest_1@localhost;
+show grants for mysqltest_1@localhost;
+Grants for mysqltest_1@localhost
+GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
+**** Variable SQL_LOG_BIN ****
+[root]
+set global sql_log_bin = 1;
+ERROR HY000: Variable 'sql_log_bin' is a SESSION variable and can't be used with SET GLOBAL
+set session sql_log_bin = 1;
+[plain]
+set global sql_log_bin = 1;
+ERROR HY000: Variable 'sql_log_bin' is a SESSION variable and can't be used with SET GLOBAL
+set session sql_log_bin = 1;
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
+**** Variable BINLOG_FORMAT ****
+[root]
+set global binlog_format = row;
+set session binlog_format = row;
+[plain]
+set global binlog_format = row;
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
+set session binlog_format = row;
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
+**** Clean up ****
+set global binlog_format = @saved_binlog_format;
+drop user mysqltest_1@localhost;
--- a/mysql-test/suite/binlog/t/binlog_grant.test
+++ b/mysql-test/suite/binlog/t/binlog_grant.test
@@ -0,0 +1,60 @@
+# Test grants for various objects (especially variables) related to
+# the binary log
+
+source include/have_log_bin.inc;
+
+connection default;
+--disable_warnings
+reset master;
+--enable_warnings
+
+set @saved_binlog_format = @@global.binlog_format;
+create user mysqltest_1@localhost;
+show grants for mysqltest_1@localhost;
+
+connect (plain,localhost,mysqltest_1,,test);
+connect (root,localhost,root,,test);
+
+# Testing setting both session and global SQL_LOG_BIN variable both as
+# root and as plain user.
+
+--echo **** Variable SQL_LOG_BIN ****
+
+connection root;
+--echo [root]
+--error ER_LOCAL_VARIABLE
+set global sql_log_bin = 1;
+set session sql_log_bin = 1;
+
+connection plain;
+--echo [plain]
+--error ER_LOCAL_VARIABLE
+set global sql_log_bin = 1;
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+set session sql_log_bin = 1;
+
+
+# Testing setting both session and global BINLOG_FORMAT variable both
+# as root and as plain user.
+
+--echo **** Variable BINLOG_FORMAT ****
+
+connection root;
+--echo [root]
+set global binlog_format = row;
+set session binlog_format = row;
+
+connection plain;
+--echo [plain]
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+set global binlog_format = row;
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+set session binlog_format = row;
+
+--echo **** Clean up ****
+disconnect plain;
+disconnect root;
+
+connection default;
+set global binlog_format = @saved_binlog_format;
+drop user mysqltest_1@localhost;