Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-23884

donor uses invalid SST methods

    XMLWordPrintable

    Details

      Description

      during SST a joiner sends an sst method name to the donor. Donor then appends it to the "wsrep_sst_" string to get the name of the sst script to use, e.g. wsrep_sst_rsync. There is no validation or filtering here, so if the malicious joiner sends, for example, "rsync `rm -rf /`" the donor will execute that too.

        Attachments

          Activity

            People

            Assignee:
            serg Sergei Golubchik
            Reporter:
            serg Sergei Golubchik
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration