Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-4500

ConnectSE: Excessive FILE privilege requirement for read-only operations

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 10.0.2
    • Fix Version/s: 10.0
    • Component/s: None
    • Labels:

      Description

      Currently to use an outward CONNECT table, one needs the FILE privilege not only for DDL operations (which is completely reasonable) or for DML (which is questionable, but possibly all right), but even for SELECT, which makes the use of the engine limited to either administrative or testing purposes.

      I suppose there is no real need in FILE privilege for SELECT operations, please lift it if possible.

      Please also consider whether it's needed for INSERT/UPDATE/DELETE.

        Gliffy Diagrams

          Attachments

            Activity

            Hide
            serg Sergei Golubchik added a comment -

            Uhm, this is questionable. One needs FILE privilege for LOAD DATA INFILE or LOAD_FILE() function. That is, FILE privilege is normally required both for reading and writing (SELECT ... OUTFILE).

            We must require FILE to read a file outside of datadir. And SELECT from a CONNECT table, is just it — reading a file outside of datadir.

            On the other hand, one can argue that FILE should be only needed to create such a table, not later on.

            Show
            serg Sergei Golubchik added a comment - Uhm, this is questionable. One needs FILE privilege for LOAD DATA INFILE or LOAD_FILE() function. That is, FILE privilege is normally required both for reading and writing (SELECT ... OUTFILE). We must require FILE to read a file outside of datadir. And SELECT from a CONNECT table, is just it — reading a file outside of datadir. On the other hand, one can argue that FILE should be only needed to create such a table, not later on.
            Hide
            elenst Elena Stepanova added a comment -

            Isn't it secure_file_priv that makes a difference for where the file is read from?
            In any case, currently for CONNECT it doesn't seem to matter where the file resides, it doesn't allow reading without FILE privilege even when the file is in the same datadir/db/ folder. Otherwise I suppose it could be a viable workaround, even if not very elegant, to put the files that are needed for public tables into the datadir (or into secure_file_priv directory).

            Show
            elenst Elena Stepanova added a comment - Isn't it secure_file_priv that makes a difference for where the file is read from? In any case, currently for CONNECT it doesn't seem to matter where the file resides, it doesn't allow reading without FILE privilege even when the file is in the same datadir/db/ folder. Otherwise I suppose it could be a viable workaround, even if not very elegant, to put the files that are needed for public tables into the datadir (or into secure_file_priv directory).
            Hide
            bar Alexander Barkov added a comment -

            Discussed with Serg and Elena.
            Summary:
            1. It's fine to require FILE privilege even if the file is in secure_file_priv.

            2. It would be nice to support this syntax:

            GRANT FILE ON '/usr/home/xxx' TO username;

            Wildcard question aren't perfectly clear here. Using % and _ would be
            consistent and logical. On the other hand, using * and ? would be also
            consistent and logical, right? Supporting all the four is kind of silly.

            3. Changing priority to Minor, waiting for more user feedback on this topic.

            Show
            bar Alexander Barkov added a comment - Discussed with Serg and Elena. Summary: 1. It's fine to require FILE privilege even if the file is in secure_file_priv. 2. It would be nice to support this syntax: GRANT FILE ON '/usr/home/xxx' TO username; Wildcard question aren't perfectly clear here. Using % and _ would be consistent and logical. On the other hand, using * and ? would be also consistent and logical, right? Supporting all the four is kind of silly. 3. Changing priority to Minor, waiting for more user feedback on this topic.

              People

              • Assignee:
                bar Alexander Barkov
                Reporter:
                elenst Elena Stepanova
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: