From: Sasha Pachev
Date: January 19 2001 7:11pm
Subject: Re: Simple DoS scenario against mysql slaves
List-Archive: http://lists.mysql.com/mysql/62428
Message-Id: <0101191211422F.26357@mysql>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit

On Friday 19 January 2001 11:16, Andreas Steinmetz wrote:
>Referring to my post "instant slave crash (signal 11) on 'set password'" to
>mysql@stripped:
>
>The scenario is still valid for 3.23.31. This means that any valid mysql user
>can cause the replicating slaves to crash using the 'set password' command.
>
>So any valid user can even unintendedly cause a denial of service condition for
>the mysql slaves, as any valid user is allowed to use the 'set password'
>command to change his or her password.
>
>This is a real bad problem. Could somebody of the mysql team please look into
>this?

Fix:

===== sql_acl.cc 1.23 vs edited ===== --- 1.23/sql/sql_acl.cc Fri Oct 6 12:14:45 2000 +++ edited/sql_acl.cc Fri Jan 19 12:04:58 2001 @@ -781,8 +781,8 @@ length=(uint) strlen(new_password); new_password[length & 16]=0; - if (!thd || strcmp(thd->user,user) || - my_strcasecmp(host,thd->host ? thd->host : thd->ip)) + if (!thd || (!thd->slave_thread && ( strcmp(thd->user,user) || + my_strcasecmp(host,thd->host ? thd->host : thd->ip)))) { if (check_access(thd, UPDATE_ACL, "mysql",0,1)) return 1;

I have now extended rpl000001 test case to test this also.

--
MySQL Development Team
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /   Sasha Pachev
 / /|_/ / // /\ \/ /_/ / /__  MySQL AB, http://www.mysql.com/
/_/  /_/\_, /___/\___\_\___/  Provo, Utah, USA
       <___/
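Review bot: the new `!thd->slave_thread &&` guard in the sql_acl.cc hunk makes a slave thread skip the `check_access(thd, UPDATE_ACL, "mysql",0,1)` call for any user and host, and nothing in the code says why that is safe. Please add a short comment above the condition stating the reason for the exemption. If the signal 11 came from `strcmp(thd->user,user)` or the `thd->host ? thd->host : thd->ip` fallback being evaluated on a slave thread with those fields unset, say so there as well, so a later refactor does not reintroduce the comparison on that path. Since the exemption depends entirely on `slave_thread` being set only for the replication thread, it is also worth confirming that a client connection cannot set or inherit that flag. Minor style point: the stray space in `( strcmp(` does not match the surrounding code.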