Public bug reported: As agreed with Robie Basak (racb), I'm filing this request for backporting a feature from 5.7 to the 5.6 stable branch so that it can be considered by the SRU Team and returned as input to upstream. Upstream is waiting for response from distros before deciding whether to backport or not.
Background
==========

There's a new plugin in MySQL 5.7 that makes it possible to have accounts that can't log in:

CREATE USER foo@localhost IDENTIFIED WITH 'mysql_no_login';

The mysql_no_login plugin simply denies all login attempts. This is useful for users that are created, e.g., to serve as proxy users, or as owners of stored programs/functions, views or events.

This new plugin doesn't fix known security defects in the server, but does provide new and better means to harden security. Best practices for security include application of least-required privileges, and in some cases that means no client connections for privileged accounts. This new plugin provides a means to implement such restrictions in a standard way.

Because of the security benefits, upstream proposes backporting it to 5.6. This does not fall under the existing micro-release exception for mysql-5.6, and so must be considered separately. In consideration of the micro-release exception requirements, upstream is interested in a decision on acceptance in an Ubuntu SRU before making the change upstream, so that any change made, or not made, is consistent across upstream, Ubuntu and any other distribution that wishes to follow suit.

We would like a +1 or a -1 from the SRU team (or Technical Board if appropriate) on 1) backporting the plugin into the 5.6 source code, and 2) each of the options presented below.

Impact
======

If backported, the plugin would at least be available in the source tarball. That doesn't mean it has to be distributed in Ubuntu:

- A patch can be applied to remove the plugin from the source code before building (it's only a few lines of code).
- Compilation of the plugin can be disabled.
- It can be built but the resulting plugin binary can be left out of packages.
- It can be built and packaged. The DBA still has to explicitly enable it and alter the user accounts to use it.
Proposed development fix
========================

Either 1) build and package the plugin, or 2) allow the plugin in the source code, but don't package it (either by disabling it before compilation or skipping the binary in packaging).

Fedora/Red Hat has +1'ed a backport: http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/2014-October/007195.html

Proposed stable fix
===================

Same as development fix.

Regression potential
====================

Upstream considers the regression potential to be very low.

- Since this is a plugin, it doesn't touch server code.
- All new code is in a plugin that must be enabled explicitly by the DBA.
- The code itself is very simple. It's only one line of "real" code (unconditionally return authentication failure), plus the necessary plugin plumbing to fill out the plugin API.

** Affects: mysql-5.6 (Ubuntu)
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1396210

Title:
  Backporting the mysql_no_login plugin to 5.6

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
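The following is an added example of the hardening pattern the report describes (a privileged account that owns objects but can never open a client connection); it is not part of the bug report or of the MySQL source. It targets MySQL 5.7, where the plugin ships as mysql_no_login.so. The database appdb, the table orders and its columns, and all account names are assumptions for illustration; the placeholder password for reporter is likewise made up.

```sql
-- Added example, not from the bug report. Assumes MySQL 5.7 with the
-- plugin library in the server's plugin_dir; appdb, orders, and the
-- account names below are invented for illustration.

-- 1. The DBA must load the plugin explicitly; it is never active by default.
INSTALL PLUGIN mysql_no_login SONAME 'mysql_no_login.so';

-- 2. A definer account. It holds SELECT on the base table so that a
--    SQL SECURITY DEFINER view can read it, but because it authenticates
--    with mysql_no_login every connection attempt as this account fails,
--    even if its credentials were ever guessed or leaked.
CREATE USER 'app_definer'@'localhost' IDENTIFIED WITH mysql_no_login;
GRANT SELECT ON appdb.orders TO 'app_definer'@'localhost';

CREATE DEFINER = 'app_definer'@'localhost' SQL SECURITY DEFINER
  VIEW appdb.orders_by_day AS
  SELECT DATE(created_at) AS day, COUNT(*) AS n, SUM(amount) AS total
  FROM appdb.orders
  GROUP BY DATE(created_at);

-- 3. The account people actually log in with gets only the aggregated
--    view, not the base table. Privilege checks for the view body run as
--    app_definer on the server side; no login by app_definer is needed.
CREATE USER 'reporter'@'localhost' IDENTIFIED BY 'placeholder-password';
GRANT SELECT ON appdb.orders_by_day TO 'reporter'@'localhost';

-- 4. Same idea for proxy users: the proxied account carries the
--    privileges and cannot be connected to directly. The proxy account
--    (external_user) must be created with an authentication plugin that
--    supports proxying, e.g. a PAM or LDAP plugin; that step is left out here.
CREATE USER 'app_role'@'localhost' IDENTIFIED WITH mysql_no_login;
GRANT SELECT, INSERT ON appdb.* TO 'app_role'@'localhost';
GRANT PROXY ON 'app_role'@'localhost' TO 'external_user'@'localhost';

-- 5. Converting an existing privileged owner account (5.7.6 and later).
--    Any job that still logs in as this account will start failing, so
--    check the general log or application configs before doing this.
ALTER USER 'legacy_owner'@'localhost' IDENTIFIED WITH mysql_no_login;

-- 6. Verify which accounts are locked out of direct login.
SELECT User, Host, plugin
FROM mysql.user
WHERE plugin = 'mysql_no_login';
```

Two points worth keeping in mind when applying this: mysql_no_login changes only authentication, not authorization, so the definer and proxied accounts keep their grants and still need the usual least-privilege review; and a connection attempt as one of these accounts is rejected by the plugin as an authentication failure, which makes such attempts easy to spot in failed-login monitoring, since no legitimate client should ever produce one.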