Commit eeef9467 authored by Tatiana A. Nurnberg's avatar Tatiana A. Nurnberg

Bug#43748: crash when non-super user tries to kill the replication threads

Fine-tuning. Broke out comparison into method by
suggestion of Davi. Clarified comments. Reverting
test-case which I find too brittle; proper test
case in 5.1+.
parent 4abb1a7d
...@@ -4,24 +4,6 @@ reset master; ...@@ -4,24 +4,6 @@ reset master;
reset slave; reset slave;
drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
start slave; start slave;
FLUSH PRIVILEGES;
drop table if exists t999;
create temporary table t999(
id int,
user char(255),
host char(255),
db char(255),
Command char(255),
time int,
State char(255),
info char(255)
);
LOAD DATA INFILE "./tmp/bl_dump_thread_id" into table t999;
drop table t999;
GRANT USAGE ON *.* TO user43748@localhost;
KILL `select id from information_schema.processlist where command='Binlog Dump'`;
ERROR HY000: You are not owner of thread `select id from information_schema.processlist where command='Binlog Dump'`
DROP USER user43748@localhost;
reset master; reset master;
SET @save_select_limit=@@session.sql_select_limit; SET @save_select_limit=@@session.sql_select_limit;
SET @@session.sql_select_limit=10, @@session.pseudo_thread_id=100; SET @@session.sql_select_limit=10, @@session.pseudo_thread_id=100;
......
...@@ -3,42 +3,6 @@ source include/add_anonymous_users.inc; ...@@ -3,42 +3,6 @@ source include/add_anonymous_users.inc;
source include/master-slave.inc; source include/master-slave.inc;
#
# Bug#43748: crash when non-super user tries to kill the replication threads
#
--connection master
save_master_pos;
--connection slave
sync_with_master;
--connection slave
FLUSH PRIVILEGES;
# in 5.0, we need to do some hocus pocus to get a system-thread ID (-> $id)
--source include/get_binlog_dump_thread_id.inc
# make a non-privileged user on slave. try to KILL system-thread as her.
GRANT USAGE ON *.* TO user43748@localhost;
--connect (mysqltest_2_con,localhost,user43748,,test,$SLAVE_MYPORT,)
--connection mysqltest_2_con
--replace_result $id "`select id from information_schema.processlist where command='Binlog Dump'`"
--error ER_KILL_DENIED_ERROR
eval KILL $id;
--disconnect mysqltest_2_con
--connection slave
DROP USER user43748@localhost;
--connection master
# Clean up old slave's binlogs. # Clean up old slave's binlogs.
# The slave is started with --log-slave-updates # The slave is started with --log-slave-updates
# and this test does SHOW BINLOG EVENTS on the slave's # and this test does SHOW BINLOG EVENTS on the slave's
......
...@@ -2144,6 +2144,13 @@ void Security_context::skip_grants() ...@@ -2144,6 +2144,13 @@ void Security_context::skip_grants()
} }
bool Security_context::user_matches(Security_context *them)
{
return ((user != NULL) && (them->user != NULL) &&
!strcmp(user, them->user));
}
/**************************************************************************** /****************************************************************************
Handling of open and locked tables states. Handling of open and locked tables states.
......
...@@ -985,6 +985,7 @@ class Security_context { ...@@ -985,6 +985,7 @@ class Security_context {
{ {
return (*priv_host ? priv_host : (char *)"%"); return (*priv_host ? priv_host : (char *)"%");
} }
bool user_matches(Security_context *);
}; };
......
...@@ -7391,22 +7391,21 @@ void kill_one_thread(THD *thd, ulong id, bool only_kill_query) ...@@ -7391,22 +7391,21 @@ void kill_one_thread(THD *thd, ulong id, bool only_kill_query)
If we're SUPER, we can KILL anything, including system-threads. If we're SUPER, we can KILL anything, including system-threads.
No further checks. No further checks.
thd..user could in theory be NULL while we're still in KILLer: thd->security_ctx->user could in theory be NULL while
"unauthenticated" state. This is more a theoretical case. we're still in "unauthenticated" state. This is a theoretical
case (the code suggests this could happen, so we play it safe).
tmp..user will be NULL for system threads (cf Bug#43748). KILLee: tmp->security_ctx->user will be NULL for system threads.
We need to check so Jane Random User doesn't crash the server We need to check so Jane Random User doesn't crash the server
when trying to kill a) system threads or b) unauthenticated when trying to kill a) system threads or b) unauthenticated users'
users' threads. threads (Bug#43748).
If user of both killer and killee are non-null, proceed with If user of both killer and killee are non-NULL, proceed with
slayage if both are string-equal. slayage if both are string-equal.
*/ */
if ((thd->security_ctx->master_access & SUPER_ACL) || if ((thd->security_ctx->master_access & SUPER_ACL) ||
((thd->security_ctx->user != NULL) && thd->security_ctx->user_matches(tmp->security_ctx))
(tmp->security_ctx->user != NULL) &&
!strcmp(thd->security_ctx->user, tmp->security_ctx->user)))
{ {
tmp->awake(only_kill_query ? THD::KILL_QUERY : THD::KILL_CONNECTION); tmp->awake(only_kill_query ? THD::KILL_QUERY : THD::KILL_CONNECTION);
error=0; error=0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment