Bug #39106 SUPER is not required to change binlog format for session
Submitted: 28 Aug 2008 20:09
Modified: 18 Oct 2008 12:35
Reporter: Lars Thalmann
Status: Closed
Category: MySQL Server: Row Based Replication (RBR)
Severity: S3 (Non-critical)
Version: 5.1
OS: Any
Assigned to: Mats Kindahl
Triage: D1 (Critical) / R2 (Low) / E2 (Low)

[28 Aug 2008 20:09] Lars Thalmann
Description:
A user can change the binlog format for the session (SUPER is required
for global but not for session).

If e.g. the DBA wants to use some tricks that are only possible using
RBL, then a user can now change the log himself to STATEMENT mode and
screw up things for the DBA.

(The alternative - to change it and only allow SUPER to change session
and global binlog format would mean that it would no longer be possible
for a user to temporarily change to a certain format for some queries,
e.g. to improve performance.)

How to repeat:
See above

Suggested fix:
Require SUPER also for sessions.
[4 Sep 2008 14:12] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53265

2732 Mats Kindahl	2008-09-04
      Bug #39106:
      SUPER is not required to change binlog format for session
      
      A user without SUPER privileges can change the value of the
      session variable BINLOG_FORMAT, causing problems for a DBA.
      
      This changeset requires a user to have SUPER privileges to
      change the value of the session variable BINLOG_FORMAT, and
      not only the global variable BINLOG_FORMAT.
[9 Sep 2008 10:19] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53584

2685 Mats Kindahl	2008-09-09
      Bug #39106:
      SUPER is not required to change binlog format for session
      
      A user without SUPER privileges can change the value of the
      session variable BINLOG_FORMAT, causing problems for a DBA.
      
      This changeset requires a user to have SUPER privileges to
      change the value of the session variable BINLOG_FORMAT, and
      not only the global variable BINLOG_FORMAT.
[15 Sep 2008 8:20] Bugs System
Pushed into 5.1.29  (revid:mats@mysql.com-20080909101931-qz8lt5tcvtlh9on3) (version source revid:kgeorge@mysql.com-20080910094421-1i1kxv3n1bxskiqa) (pib:3)
[15 Sep 2008 15:06] Jon Stephens
Documented in the 5.1.29 changelog as follows:

        IMPORTANT CHANGE: The SUPER privilege is now required to change the 
        session value of binlog_format as well as its global value.
[1 Oct 2008 15:54] Bugs System
Pushed into 5.1.29  (revid:mats@mysql.com-20080909101931-qz8lt5tcvtlh9on3) (version source revid:kgeorge@mysql.com-20080910094421-1i1kxv3n1bxskiqa) (pib:4)
[7 Oct 2008 22:29] Jon Stephens
Set status to NDI pending merge to 6.0.
[7 Oct 2008 22:31] Jon Stephens
Set status to NDI pending merge to 6.0.
[17 Oct 2008 16:43] Bugs System
Pushed into 6.0.8-alpha  (revid:mats@mysql.com-20080909101931-qz8lt5tcvtlh9on3) (version source revid:kpettersson@mysql.com-20080911114255-81pt7q1uvl1fkojq) (pib:5)
[18 Oct 2008 12:35] Jon Stephens
Bugfix is now also documented in the 6.0.8 changelog; updated replication-formats section of 6.0 Manual; closed bug report.
[28 Oct 2008 21:03] Bugs System
Pushed into 5.1.29-ndb-6.2.17  (revid:mats@mysql.com-20080909101931-qz8lt5tcvtlh9on3) (version source revid:tomas.ulin@sun.com-20081028140209-u4emkk1xphi5tkfb) (pib:5)
[28 Oct 2008 22:22] Bugs System
Pushed into 5.1.29-ndb-6.3.19  (revid:mats@mysql.com-20080909101931-qz8lt5tcvtlh9on3) (version source revid:tomas.ulin@sun.com-20081028194045-0353yg8cvd2c7dd1) (pib:5)
[1 Nov 2008 9:47] Bugs System
Pushed into 5.1.29-ndb-6.4.0  (revid:mats@mysql.com-20080909101931-qz8lt5tcvtlh9on3) (version source revid:jonas@mysql.com-20081101082305-qx5a1bj0z7i8ueys) (pib:5)
[5 May 2010 19:07] James Day
If investigating a problem with this, also see the later bug #47863 for the restriction introduced in 5.5.3-m3 and 6.0.14 and later making the setting read only within a transaction and modifiable only at a transaction boundary.