Hi, Oleksandr!
On Apr 20, Oleksandr Byelkin wrote:
> > Hi, Oleksandr!
> >
> > On Apr 20, Oleksandr Byelkin wrote:
> > > revision-id: 784cc5970dd (mariadb-10.4.11-68-g784cc5970dd)
> > > parent(s): c5e00fea102
> > > author: Oleksandr Byelkin <sa...@mariadb.com>
> > > committer: Oleksandr Byelkin <sa...@mariadb.com>
> > > timestamp: 2020-02-20 14:06:09 +0100
> > > message:
> > >
> > > MDEV-19650: Privilege bug on MariaDB 10.4
> > >
> > > diff --git a/scripts/mysql_system_tables.sql
> > > index 29f2a4c1ef6..af852444d0c 100644
> > > --- a/scripts/mysql_system_tables.sql
> > > +++ b/scripts/mysql_system_tables.sql
> > > @@ -33,9 +33,17 @@ CREATE TABLE IF NOT EXISTS db ( Host char(60)
> > binary DEFAULT '' NOT NULL, Db c
> > > -- Remember for later if db table already existed
> > > set @had_db_table= @@warning_count != 0;
> > >
> > > -CREATE TABLE IF NOT EXISTS global_priv (Host char(60) binary DEFAULT
> > '', User char(80) binary DEFAULT '', Priv JSON NOT NULL DEFAULT '{}'
> > CHECK(JSON_VALID(Priv)), PRIMARY KEY Host (Host,User)) engine=Aria
> > transactional=1 CHARACTER SET utf8 COLLATE utf8_bin comment='Users and
> > global privileges';
> > > +CREATE TABLE IF NOT EXISTS global_priv (Host char(60) binary DEFAULT
> > '', User char(80) binary DEFAULT '', Priv JSON NOT NULL DEFAULT '{}'
> > CHECK(JSON_VALID(Priv)), PRIMARY KEY (Host,User)) engine=Aria
> > transactional=1 CHARACTER SET utf8 COLLATE utf8_bin comment='Users and
> > global privileges';
> > >
> > > -CREATE DEFINER=root@localhost SQL SECURITY DEFINER VIEW IF NOT EXISTS
> > user AS SELECT
> > > +set @had_sys_user= @@warning_count != 0 OR 0 <> (select count(*) from
> > mysql.global_priv where Host="localhost" and User="mariadb.sys");
> > > +
> > > +CREATE TEMPORARY TABLE tmp_user_sys LIKE global_priv;
> > > +INSERT INTO tmp_user_sys (Host,User,Priv) VALUES
> > ('localhost','mariadb.sys','{"access":512,"plugin":"mysql_native_password","authentication_string":"","account_locked":true,"password_last_changed":0}');
> > > +INSERT INTO global_priv SELECT * FROM tmp_user_sys WHERE NOT
> > @had_sys_user;
> > > +DROP TABLE tmp_user_sys;
> >
> > 1. This could've been simply INSERT IGNORE, I suspect
>
> Nope, the idea is do not insert more than needed.
Why would INSERT IGNORE insert more than needed?
> 2. why access:512 ? It's FILE_ACL, iirc.
>
> Because LOAD used in tests and so in reality probably, so we need FILE_ACL
We need FILE_ACL, but why mariadb.sys account needs it?
mysql.user is a read-only view of the mysql.global_priv table,
its owner doesn't need FILE or INSERT/UPDATE/DELETE.
Regards,
Sergei
VP of MariaDB Server Engineering
and secur...@mariadb.org
_______________________________________________
Mailing list: https://launchpad.net/~maria-developers
Post to : maria-developers@lists.launchpad.net
Unsubscribe : https://launchpad.net/~maria-developers
More help : https://help.launchpad.net/ListHelp
