BUG#31611 (Security risk with BINLOG statement):

Adding check that the user executing a BINLOG statement has SUPER privileges and aborting execution of the statement with an error otherwise. mysql-test/r/mysqlbinlog.result: Result change. mysql-test/t/mysqlbinlog.test: Adding test that generates a BINLOG command for inserting data into a table and feed the BINLOG statement into the database as an untrusted user. Also checking that insertion into the table fails for that user and that the table only contain a single line: the original one inserted. sql/sql_binlog.cc: Adding a check that the executor of the BINLOG command has SUPER privileges and give an error and abort execution if not.
2025-07-29 05:21:33 +03:00 · 2007-11-03 01:33:48 +01:00
parent e34c130441
commit b835c18a80
3 changed files with 55 additions and 0 deletions
--- a/sql/sql_binlog.cc
+++ b/sql/sql_binlog.cc
@ -37,6 +37,12 @@ void mysql_client_binlog_statement(THD* thd)
                            thd->lex->comment.length : 2048),
                     thd->lex->comment.str));

+  if (check_global_access(thd, SUPER_ACL))
+  {
+    my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER");
+    DBUG_VOID_RETURN;
+  }
+
  /*
    Temporarily turn off send_ok, since different events handle this
    differently