Commit 6921dd01 authored by mats@kindahl-laptop.dnsalias.net's avatar mats@kindahl-laptop.dnsalias.net

Merge kindahl-laptop.dnsalias.net:/home/bkroot/mysql-5.1

into  kindahl-laptop.dnsalias.net:/home/bk/b31611-mysql-5.1-target-5.1.22
parents 3434e4ed 31787d3d
...@@ -328,4 +328,26 @@ drop table t1; ...@@ -328,4 +328,26 @@ drop table t1;
drop table t1; drop table t1;
End of 5.0 tests End of 5.0 tests
flush logs; flush logs;
BUG#31611: Security risk with BINLOG statement
SET BINLOG_FORMAT=ROW;
CREATE DATABASE mysqltest1;
CREATE USER untrusted@localhost;
GRANT SELECT ON mysqltest1.* TO untrusted@localhost;
SHOW GRANTS FOR untrusted@localhost;
Grants for untrusted@localhost
GRANT USAGE ON *.* TO 'untrusted'@'localhost'
GRANT SELECT ON `mysqltest1`.* TO 'untrusted'@'localhost'
USE mysqltest1;
CREATE TABLE t1 (a INT, b CHAR(64));
flush logs;
INSERT INTO t1 VALUES (1,USER());
flush logs;
mysqlbinlog var/log/master-bin.000017 > var/tmp/bug31611.sql
mysql mysqltest1 -uuntrusted < var/tmp/bug31611.sql
INSERT INTO t1 VALUES (1,USER());
ERROR 42000: INSERT command denied to user 'untrusted'@'localhost' for table 't1'
SELECT * FROM t1;
a b
1 root@localhost
DROP DATABASE mysqltest1;
End of 5.1 tests End of 5.1 tests
...@@ -250,4 +250,31 @@ flush logs; ...@@ -250,4 +250,31 @@ flush logs;
--exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null --exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null
--exec $MYSQL_BINLOG --force-if-open $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null --exec $MYSQL_BINLOG --force-if-open $MYSQLTEST_VARDIR/log/master-bin.000016 >/dev/null 2>/dev/null
--echo BUG#31611: Security risk with BINLOG statement
SET BINLOG_FORMAT=ROW;
CREATE DATABASE mysqltest1;
CREATE USER untrusted@localhost;
GRANT SELECT ON mysqltest1.* TO untrusted@localhost;
SHOW GRANTS FOR untrusted@localhost;
USE mysqltest1;
CREATE TABLE t1 (a INT, b CHAR(64));
flush logs;
INSERT INTO t1 VALUES (1,USER());
flush logs;
echo mysqlbinlog var/log/master-bin.000017 > var/tmp/bug31611.sql;
exec $MYSQL_BINLOG $MYSQLTEST_VARDIR/log/master-bin.000017 > $MYSQLTEST_VARDIR/tmp/bug31611.sql;
connect (unsecure,localhost,untrusted,,mysqltest1);
echo mysql mysqltest1 -uuntrusted < var/tmp/bug31611.sql;
error 1;
exec $MYSQL mysqltest1 -uuntrusted < $MYSQLTEST_VARDIR/tmp/bug31611.sql;
connection unsecure;
error ER_TABLEACCESS_DENIED_ERROR;
INSERT INTO t1 VALUES (1,USER());
SELECT * FROM t1;
connection default;
DROP DATABASE mysqltest1;
--echo End of 5.1 tests --echo End of 5.1 tests
...@@ -37,6 +37,9 @@ void mysql_client_binlog_statement(THD* thd) ...@@ -37,6 +37,9 @@ void mysql_client_binlog_statement(THD* thd)
thd->lex->comment.length : 2048), thd->lex->comment.length : 2048),
thd->lex->comment.str)); thd->lex->comment.str));
if (check_global_access(thd, SUPER_ACL))
DBUG_VOID_RETURN;
/* /*
Temporarily turn off send_ok, since different events handle this Temporarily turn off send_ok, since different events handle this
differently differently
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment