Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19088

SUPER is not required for ALTER FUNCTION when log_bin_trust_function_creators=OFF and log_bin=ON

    XMLWordPrintable

    Details

      Description

      The documentation says that SUPER should be required for ALTER FUNCTION when log_bin_trust_function_creators=OFF and log_bin=ON:

      https://mariadb.com/kb/en/library/alter-function/

      https://mariadb.com/kb/en/library/binary-logging-of-stored-routines/

      https://mariadb.com/kb/en/library/replication-and-binary-log-system-variables/#log_bin_trust_function_creators

      But a quick test shows that this is not the case.

      For example, if I create a function as a user with SUPER:

      CREATE FUNCTION trust_me(x INT)
      RETURNS INT
      DETERMINISTIC
      READS SQL DATA
         RETURN (x);
      

      And then create a user with the ALTER ROUTINE privilege, but without SUPER:

      CREATE USER 'function_test'@localhost IDENTIFIED BY 'password';
      GRANT ALTER ROUTINE ON db1.* TO 'function_test'@localhost;
      

      And then ensure that both log_bin_trust_function_creators=OFF and log_bin=ON:

      MariaDB [db1]> SHOW GLOBAL VARIABLES WHERE Variable_name IN('log_bin_trust_function_creators', 'log_bin');
      +---------------------------------+-------+
      | Variable_name                   | Value |
      +---------------------------------+-------+
      | log_bin                         | ON    |
      | log_bin_trust_function_creators | OFF   |
      +---------------------------------+-------+
      2 rows in set (0.01 sec)
      

      You would think that this user would not be able to alter the function. But a test shows that the user can:

      MariaDB [db1]> ALTER FUNCTION trust_me NO SQL;
      Query OK, 0 rows affected (0.00 sec)
       
      MariaDB [db1]> SHOW GRANTS;
      +----------------------------------------------------------------------------------------------------------------------+
      | Grants for function_test@localhost                                                                                   |
      +----------------------------------------------------------------------------------------------------------------------+
      | GRANT USAGE ON *.* TO 'function_test'@'localhost' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |
      | GRANT ALTER ROUTINE ON `db1`.* TO 'function_test'@'localhost'                                                        |
      +----------------------------------------------------------------------------------------------------------------------+
      2 rows in set (0.00 sec)
      

      Code analysis shows that the Sp_handler::sp_update_routine does not check SUPER_ACL like Sp_handler::sp_create_routine does.

      sp_create_routine check:

      https://github.com/MariaDB/server/blob/8cf7e3459d7309ce122824146260c4aecfa6ca77/sql/sp.cc#L1397

      sp_update_routine check:

      https://github.com/MariaDB/server/blob/8cf7e3459d7309ce122824146260c4aecfa6ca77/sql/sp.cc#L1632

        Attachments

          Activity

            People

            Assignee:
            serg Sergei Golubchik
            Reporter:
            GeoffMontee Geoff Montee
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: