Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8545

Security definer views don't work with engine's privilege checks

        Details

        • Type: Bug
        • Status: Open
        • Priority: Major
        • Resolution: Unresolved
        • Affects Version/s: 10.0, 5.5
        • Fix Version/s: 10.0
        • Component/s: Plugins
        • Labels:
          None

          Description

          This is a follow-up for MDEV-7574.

          Different engines check user privileges for some reasons. For example, InnoDB and XtraDB often check PROCESS privilege in the I_S code.

          All these checks always use invoker's privileges, and don't respect SQL SECURITY DEFINER of views.

          We should extract the fix for MDEV-7574 from the CONNECT code and make it into an easy to use function that all plugins can use. And change plugins to use it.

            Gliffy Diagrams

              Attachments

                Issue Links

                relates to

                Bug - A problem which impairs or prevents the functions of the product. MDEV-7574 Security definer views don't work with CONNECT ODBC tables

                • Major - Major loss of function.
                • Closed

                  Activity

                  There are no comments yet on this issue.

                    People

                    • Assignee:
                      Unassigned
                      Reporter:
                      serg Sergei Golubchik
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      1 Start watching this issue

                      Dates

                      • Created:
                        Updated: