database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-27 18:02:13 +03:00
Code Activity

BUG#31611 (Security risk with BINLOG statement):

Browse Source 
Adding check that the user executing a BINLOG statement has SUPER
privileges and aborting execution of the statement with an error
otherwise.
This commit is contained in:
mats@kindahl-laptop.dnsalias.net
2007-11-03 01:33:48 +01:00
parent 0b59871b83
commit c0138b94f0
3 changed files with 55 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
mysql-test/r/mysqlbinlog.result
View File

@ -328,4 +328,26 @@ drop table t1;
drop table t1;
End of 5.0 tests
flush logs;
BUG#31611: Security risk with BINLOG statement
SET BINLOG_FORMAT=ROW;
CREATE DATABASE mysqltest1;
CREATE USER untrusted@localhost;
GRANT SELECT ON mysqltest1.* TO untrusted@localhost;
SHOW GRANTS FOR untrusted@localhost;
Grants for untrusted@localhost
GRANT USAGE ON *.* TO 'untrusted'@'localhost'
GRANT SELECT ON `mysqltest1`.* TO 'untrusted'@'localhost'
USE mysqltest1;
CREATE TABLE t1 (a INT, b CHAR(64));
flush logs;
INSERT INTO t1 VALUES (1,USER());
flush logs;
mysqlbinlog var/log/master-bin.000017 > var/tmp/bug31611.sql
mysql mysqltest1 -uuntrusted < var/tmp/bug31611.sql
INSERT INTO t1 VALUES (1,USER());
ERROR 42000: INSERT command denied to user 'untrusted'@'localhost' for table 't1'
SELECT * FROM t1;
a b
1 root@localhost
DROP DATABASE mysqltest1;
End of 5.1 tests