MariaDB Server / MDEV-19088

SUPER is not required for ALTER FUNCTION when log_bin_trust_function_creators=OFF and log_bin=ON

    Description

      The documentation says that SUPER should be required for ALTER FUNCTION when log_bin_trust_function_creators=OFF and log_bin=ON:

      https://mariadb.com/kb/en/library/alter-function/

      https://mariadb.com/kb/en/library/binary-logging-of-stored-routines/

      https://mariadb.com/kb/en/library/replication-and-binary-log-system-variables/#log_bin_trust_function_creators

      But a quick test shows that this is not the case.

      For example, if I create a function as a user with SUPER:

      CREATE FUNCTION trust_me(x INT)
      RETURNS INT
      DETERMINISTIC
      READS SQL DATA
         RETURN (x);
      

      And then create a user with the ALTER ROUTINE privilege, but without SUPER:

      CREATE USER 'function_test'@localhost IDENTIFIED BY 'password';
      GRANT ALTER ROUTINE ON db1.* TO 'function_test'@localhost;
      

      And then ensure that both log_bin_trust_function_creators=OFF and log_bin=ON:

      MariaDB [db1]> SHOW GLOBAL VARIABLES WHERE Variable_name IN('log_bin_trust_function_creators', 'log_bin');
      +---------------------------------+-------+
      | Variable_name                   | Value |
      +---------------------------------+-------+
      | log_bin                         | ON    |
      | log_bin_trust_function_creators | OFF   |
      +---------------------------------+-------+
      2 rows in set (0.01 sec)
      

      You would think that this user would not be able to alter the function. But a test shows that the user can:

      MariaDB [db1]> ALTER FUNCTION trust_me NO SQL;
      Query OK, 0 rows affected (0.00 sec)
       
      MariaDB [db1]> SHOW GRANTS;
      +----------------------------------------------------------------------------------------------------------------------+
      | Grants for function_test@localhost                                                                                   |
      +----------------------------------------------------------------------------------------------------------------------+
      | GRANT USAGE ON *.* TO 'function_test'@'localhost' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |
      | GRANT ALTER ROUTINE ON `db1`.* TO 'function_test'@'localhost'                                                        |
      +----------------------------------------------------------------------------------------------------------------------+
      2 rows in set (0.00 sec)
      

      Code analysis shows that Sp_handler::sp_update_routine does not check SUPER_ACL the way Sp_handler::sp_create_routine does.

      sp_create_routine check:

      https://github.com/MariaDB/server/blob/8cf7e3459d7309ce122824146260c4aecfa6ca77/sql/sp.cc#L1397

      sp_update_routine check:

      https://github.com/MariaDB/server/blob/8cf7e3459d7309ce122824146260c4aecfa6ca77/sql/sp.cc#L1632
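
An audit query for the exposure described above, added here as an example and not part of the ticket or of MariaDB's own code. It lists the stored functions that accounts holding ALTER ROUTINE but not SUPER can alter, and assumes it is run by an administrator who can see all grants in information_schema.

```sql
-- Added audit example, not part of the ticket.
-- Lists stored functions that an account without SUPER can ALTER through a
-- global or schema-level ALTER ROUTINE grant, on servers where the
-- documentation says SUPER is required (log_bin=ON and
-- log_bin_trust_function_creators=OFF).
-- Not covered: routine-level grants in mysql.procs_priv and privileges
-- that reach an account through a role.
SELECT g.grantee,
       g.scope,
       r.ROUTINE_SCHEMA,
       r.ROUTINE_NAME,
       r.DEFINER,
       r.SQL_DATA_ACCESS,
       r.IS_DETERMINISTIC,
       r.LAST_ALTERED          -- compare with CREATED to spot altered functions
FROM (
        -- Global grants (ON *.*) apply to every schema.
        SELECT GRANTEE AS grantee, 'global' AS scope, '%' AS schema_pattern
        FROM information_schema.USER_PRIVILEGES
        WHERE PRIVILEGE_TYPE = 'ALTER ROUTINE'
        UNION ALL
        -- Schema grants (ON db1.*); the stored schema name may be a
        -- wildcard pattern, so it is matched with LIKE below.
        SELECT GRANTEE, 'schema', TABLE_SCHEMA
        FROM information_schema.SCHEMA_PRIVILEGES
        WHERE PRIVILEGE_TYPE = 'ALTER ROUTINE'
     ) AS g
JOIN information_schema.ROUTINES AS r
  ON r.ROUTINE_TYPE = 'FUNCTION'
 AND r.ROUTINE_SCHEMA LIKE g.schema_pattern
WHERE @@global.log_bin = 1
  AND @@global.log_bin_trust_function_creators = 0
  AND NOT EXISTS (
        SELECT 1
        FROM information_schema.USER_PRIVILEGES AS s
        WHERE s.GRANTEE = g.grantee
          AND s.PRIVILEGE_TYPE = 'SUPER'
      )
ORDER BY g.grantee, r.ROUTINE_SCHEMA, r.ROUTINE_NAME;
```

With the grants from the report, this returns a row for 'function_test'@'localhost' and db1.trust_me.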

            GeoffMontee Geoff Montee (Inactive)