database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-11-06 13:10:12 +03:00
Code Activity
Files
780fc6b6f94c966a616ca85fb46b684bc6d0d101
mariadb/mysql-test/t/sp-security.test
unknown 06bf59ad33 Bug#18630: Arguments of suid routine calculated in wrong security 
context.

Routine arguments were evaluated in the security context of the routine
itself, not in the caller's context.

The bug is fixed the following way:

  - Item_func_sp::find_and_check_access() has been split into two
    functions: Item_func_sp::find_and_check_access() itself only
    finds the function and check that the caller have EXECUTE privilege
    on it.  New function set_routine_security_ctx() changes security
    context for SUID routines and checks that definer have EXECUTE
    privilege too.

  - new function sp_head::execute_trigger() is called from
    Table_triggers_list::process_triggers() instead of
    sp_head::execute_function(), and is effectively just as the
    sp_head::execute_function() is, with all non-trigger related code
    removed, and added trigger-specific security context switch.

  - call to Item_func_sp::find_and_check_access() stays outside
    of sp_head::execute_function(), and there is a code in
    sql_parse.cc before the call to sp_head::execute_procedure() that
    checks that the caller have EXECUTE privilege, but both
    sp_head::execute_function() and sp_head::execute_procedure() call
    set_routine_security_ctx() after evaluating their parameters,
    and restore the context after the body is executed.


mysql-test/r/sp-security.result:
  Add test case for bug#18630: Arguments of suid routine calculated
  in wrong security context.
mysql-test/t/sp-security.test:
  Add result for bug#18630: Arguments of suid routine calculated
  in wrong security context.
sql/item_func.cc:
  Do not change security context before executing the function, as it
  will be changed after argument evaluation.
  Do not change security context in Item_func_sp::find_and_check_access().
sql/item_func.h:
  Change prototype for Item_func_sp::find_and_check_access().
sql/sp_head.cc:
  Add set_routine_security_ctx() function.
  Add sp_head::execute_trigger() method.
  Change security context in sp_head::execute_trigger(), and in
  sp_head::execute_function() and sp_head::execute_procedure()
  after argument evaluation.
  Move pop_all_cursors() call to sp_head::execute().
sql/sp_head.h:
  Add declaration for sp_head::execute_trigger() and
  set_routine_security_ctx().
sql/sql_parse.cc:
  Do not change security context before executing the procedure, as it
  will be changed after argument evaluation.
sql/sql_trigger.cc:
  Call new sp_head::execute_trigger() instead of
  sp_head::execute_function(), which is responsible to switch
  security context.
2006-07-13 17:12:31 +04:00

19 KiB
Raw Blame History

View Raw
View Git Blame Copy Permalink