BUG#31611 (Security risk with BINLOG statement):

Adding check that the user executing a BINLOG statement has SUPER privileges and aborting execution of the statement with an error otherwise.
2025-07-29 05:21:33 +03:00 · 2007-11-03 01:33:48 +01:00
parent 0b59871b83
commit c0138b94f0
3 changed files with 55 additions and 0 deletions
--- a/sql/sql_binlog.cc
+++ b/sql/sql_binlog.cc
@ -37,6 +37,12 @@ void mysql_client_binlog_statement(THD* thd)
                            thd->lex->comment.length : 2048),
                     thd->lex->comment.str));

+  if (check_global_access(thd, SUPER_ACL))
+  {
+    my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER");
+    DBUG_VOID_RETURN;
+  }
+
  /*
    Temporarily turn off send_ok, since different events handle this
    differently