Details
-
Bug
-
Status: Closed (View Workflow)
-
Blocker
-
Resolution: Fixed
-
13.0
-
Can result in unexpected behaviour
-
-
Q3/2026 Replic. Maintenance
Description
System variables wsrep_sst_donor and wsrep_sst_receive_address can be modified at run time by a database user with SUPER privileges.
Their values were not properly sanitized when used to construct a shell command, which allowed an appropriately privileged user to run shell commands as the uid of the mariadbd process
Reported by letchu_pkt
Attachments
Issue Links
- relates to
-
MDEV-25179 wsrep_provider and wsrep_notify_cmd system variables are writable
-
- Closed
-
-
MDEV-39413 wsrep unsafe handling of parameters
-
- Closed
-
-
MDEV-39648 wsrep_sst_rsync.sh: apply safe() to joiner-supplied parameters
-
- Closed
-
-
MDEV-39721 wsrep_notify_cmd should sanitize peer-supplied fields before shell substitution
-
- Closed
-
- links to