[MDEV-23884] donor uses invalid SST methods - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.1, 10.2, 10.3, 10.4, 10.5
Fix Version/s: 10.1.47, 10.2.34, 10.3.25, 10.4.15, 10.5.6
Component/s: Galera SST
Labels:
None

Description

during SST a joiner sends an sst method name to the donor. Donor then appends it to the "wsrep_sst_" string to get the name of the sst script to use, e.g. wsrep_sst_rsync. There is no validation or filtering here, so if the malicious joiner sends, for example, "rsync `rm -rf /`" the donor will execute that too.

Attachments

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2020-10-03 17:52

Updated:: 2020-10-31 09:03

Resolved:: 2020-10-07 16:49