revision-id: a529188e05da8060c95eeb4c8caef05adbd6cc6a (mariadb-10.2.23-88-ga529188) parent(s): cd26cdcd974725031e30393ff165fb0dfb365c4d committer: Alexey Botchkov timestamp: 2019-04-29 01:25:17 +0400 message: MDEV-17456 Malicious SUPER user can possibly change audit log configuration without leaving traces. The 'SET server_audit_logging ' statements should be logged no matter what. --- mysql-test/suite/plugins/r/server_audit.result | 3 +++ mysql-test/suite/plugins/t/server_audit.test | 3 +++ plugin/server_audit/server_audit.c | 7 ++++--- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/mysql-test/suite/plugins/r/server_audit.result b/mysql-test/suite/plugins/r/server_audit.result index 0709444..b8d2986 100644 --- a/mysql-test/suite/plugins/r/server_audit.result +++ b/mysql-test/suite/plugins/r/server_audit.result @@ -212,6 +212,8 @@ select 2; 2 2 drop table t1; +set global server_audit_logging= off; +set global server_audit_logging= on; set global server_audit_events=''; set global server_audit_query_log_limit= 15; select (1), (2), (3), (4); @@ -378,6 +380,7 @@ TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'SET PASSWORD FOR u1=<secret>',ID TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u3 IDENTIFIED BY *****',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop user u1, u2, u3',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'insert into t1 values (1), (2)',0 +TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'set global server_audit_logging= off',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'set global server_audit_events=\'\'',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'set global serv',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'select (1), (2)',0 diff --git a/mysql-test/suite/plugins/t/server_audit.test b/mysql-test/suite/plugins/t/server_audit.test index fa23dc5..f19c8f5 100644 --- a/mysql-test/suite/plugins/t/server_audit.test +++ b/mysql-test/suite/plugins/t/server_audit.test @@ -136,6 +136,9 @@ select * from t1; select 2; drop table t1; +set global server_audit_logging= off; +set global server_audit_logging= on; + set global server_audit_events=''; set global server_audit_query_log_limit= 15; diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c index 2f9cd99..f03564e 100644 --- a/plugin/server_audit/server_audit.c +++ b/plugin/server_audit/server_audit.c @@ -15,7 +15,7 @@ #define PLUGIN_VERSION 0x104 -#define PLUGIN_STR_VERSION "1.4.4" +#define PLUGIN_STR_VERSION "1.4.5" #define _my_thread_var loc_thread_var @@ -1623,7 +1623,7 @@ static int log_statement_ex(const struct connection_info *cn, } if (query && !(events & EVENT_QUERY_ALL) && - (events & EVENT_QUERY)) + (events & EVENT_QUERY && !cn->log_always)) { const char *orig_query= query; @@ -2556,9 +2556,10 @@ static void log_current_query(MYSQL_THD thd) if (!ci_needs_setup(cn) && cn->query_length && FILTER(EVENT_QUERY) && do_log_user(cn->user)) { + cn->log_always= 1; log_statement_ex(cn, cn->query_time, thd_get_thread_id(thd), cn->query, cn->query_length, 0, "QUERY"); - cn->log_always= 1; + cn->log_always= 0; } }