Skip to content

M
mariadb
Switch branch/tag
Find file BlameHistoryPermalink
  • unknown's avatar
    Bug#18630: Arguments of suid routine calculated in wrong security · 06bf59ad
    unknown authored 
               context.

Routine arguments were evaluated in the security context of the routine
itself, not in the caller's context.

The bug is fixed the following way:

  - Item_func_sp::find_and_check_access() has been split into two
    functions: Item_func_sp::find_and_check_access() itself only
    finds the function and check that the caller have EXECUTE privilege
    on it.  New function set_routine_security_ctx() changes security
    context for SUID routines and checks that definer have EXECUTE
    privilege too.

  - new function sp_head::execute_trigger() is called from
    Table_triggers_list::process_triggers() instead of
    sp_head::execute_function(), and is effectively just as the
    sp_head::execute_function() is, with all non-trigger related code
    removed, and added trigger-specific security context switch.

  - call to Item_func_sp::find_and_check_access() stays outside
    of sp_head::execute_function(), and there is a code in
    sql_parse.cc before the call to sp_head::execute_procedure() that
    checks that the caller have EXECUTE privilege, but both
    sp_head::execute_function() and sp_head::execute_procedure() call
    set_routine_security_ctx() after evaluating their parameters,
    and restore the context after the body is executed.


mysql-test/r/sp-security.result:
  Add test case for bug#18630: Arguments of suid routine calculated
  in wrong security context.
mysql-test/t/sp-security.test:
  Add result for bug#18630: Arguments of suid routine calculated
  in wrong security context.
sql/item_func.cc:
  Do not change security context before executing the function, as it
  will be changed after argument evaluation.
  Do not change security context in Item_func_sp::find_and_check_access().
sql/item_func.h:
  Change prototype for Item_func_sp::find_and_check_access().
sql/sp_head.cc:
  Add set_routine_security_ctx() function.
  Add sp_head::execute_trigger() method.
  Change security context in sp_head::execute_trigger(), and in
  sp_head::execute_function() and sp_head::execute_procedure()
  after argument evaluation.
  Move pop_all_cursors() call to sp_head::execute().
sql/sp_head.h:
  Add declaration for sp_head::execute_trigger() and
  set_routine_security_ctx().
sql/sql_parse.cc:
  Do not change security context before executing the procedure, as it
  will be changed after argument evaluation.
sql/sql_trigger.cc:
  Call new sp_head::execute_trigger() instead of
  sp_head::execute_function(), which is responsible to switch
  security context.
    06bf59ad
sp_head.cc 91.6 KB
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7