Details
- Type: Task
- Status: In Progress
- Priority: Major
- Resolution: Unresolved
- Fix Version/s: None
- Component/s: None
- Labels: None
Description
It's not a bug from the coding perspective, but possibly a specification one, or at least a point for consideration.
When server_audit_excl_users or server_audit_incl_users are configured, they (as other variables) are visible to any database user, even the least privileged ones. Thus a user gets access to other users' login names and audit settings, which is probably not a good idea in production.
At the moment I don't have any suggestions on how to make it better, I'm not sure if there are any mechanisms to hide a system variable's contents from a user.
Issue Links
- relates to MDEV-4472 Auditing Plugin (Closed)
Activity
I could think of a workaround. E.g. keep the variable value (the string that's shown in I_S and SHOW) always empty, the update callback will update internal filters but not the user-visible variable value.
That's kind of bad, because the user won't see the current filter.
It can be exported via another status variable, and there SHOW_FUNC will check privileges and only show the filter to a SUPER user.
The main question — is it something we want to do?
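
A stand-alone C model of the workaround sketched in the comment above, added here as an illustration. It is not code from the server_audit plugin and does not use the server's plugin API: every function name, the `has_super` flag (standing in for the server's privilege check), the exact-match filter rule and the sample user names are assumptions.

```c
/* Stand-alone model of the proposed workaround; hypothetical names, not plugin code. */
#include <stdio.h>
#include <string.h>

static char internal_filter[256];      /* real filter, never shown as the variable value */
static const char *visible_value = ""; /* what the system variable displays: always empty */

/* Update callback: store the new list internally, leave the visible value empty. */
static void excl_users_update(const char *new_value)
{
    snprintf(internal_filter, sizeof internal_filter, "%s", new_value ? new_value : "");
    visible_value = "";
}

/* What any user, including the least privileged, reads from the system variable. */
static const char *sysvar_read(void)
{
    return visible_value;
}

/* Status-variable show function: reveal the filter only to a privileged caller.
   has_super is an assumption standing in for the server's SUPER check. */
static const char *status_show(int has_super)
{
    return has_super ? internal_filter : "";
}

/* The audit decision still uses the internal list (assumed: exact match on a
   comma-separated user name). */
static int user_is_excluded(const char *user)
{
    size_t ulen = strlen(user);
    const char *p = internal_filter;
    while (ulen > 0 && *p) {
        size_t len = strcspn(p, ",");
        if (len == ulen && strncmp(p, user, len) == 0)
            return 1;
        p += len + (p[len] == ','); /* skip the token and its separator */
    }
    return 0;
}

int main(void)
{
    excl_users_update("backup_svc,app_batch"); /* constructed sample names */
    printf("sysvar='%s' status(user)='%s' status(SUPER)='%s'\n",
           sysvar_read(), status_show(0), status_show(1));
    return 0;
}
```

The model also shows the trade-off raised in the comment: after the update, the variable itself no longer tells anyone, administrators included, what the current filter is.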