Re: [Maria-developers] 784cc5970dd: MDEV-19650: Privilege bug on MariaDB 10.4

Hi, Oleksandr! On Apr 20, Oleksandr Byelkin wrote:

...

Hi, Oleksandr!

...

revision-id: 784cc5970dd (mariadb-10.4.11-68-g784cc5970dd) parent(s): c5e00fea102 author: Oleksandr Byelkin committer: Oleksandr Byelkin timestamp: 2020-02-20 14:06:09 +0100 message:

MDEV-19650: Privilege bug on MariaDB 10.4

diff --git a/scripts/mysql_system_tables.sql index 29f2a4c1ef6..af852444d0c 100644 --- a/scripts/mysql_system_tables.sql +++ b/scripts/mysql_system_tables.sql @@ -33,9 +33,17 @@ CREATE TABLE IF NOT EXISTS db ( Host char(60) binary DEFAULT '' NOT NULL, Db c -- Remember for later if db table already existed set @had_db_table= @@warning_count != 0;

-CREATE TABLE IF NOT EXISTS global_priv (Host char(60) binary DEFAULT '', User char(80) binary DEFAULT '', Priv JSON NOT NULL DEFAULT '{}' CHECK(JSON_VALID(Priv)), PRIMARY KEY Host (Host,User)) engine=Aria

...

+CREATE TABLE IF NOT EXISTS global_priv (Host char(60) binary DEFAULT '', User char(80) binary DEFAULT '', Priv JSON NOT NULL DEFAULT '{}' CHECK(JSON_VALID(Priv)), PRIMARY KEY (Host,User)) engine=Aria

On Apr 20, Oleksandr Byelkin wrote: transactional=1 CHARACTER SET utf8 COLLATE utf8_bin comment='Users and global privileges'; transactional=1 CHARACTER SET utf8 COLLATE utf8_bin comment='Users and global privileges';

...

-CREATE DEFINER=root@localhost SQL SECURITY DEFINER VIEW IF NOT EXISTS

user AS SELECT

...

+set @had_sys_user= @@warning_count != 0 OR 0 <> (select count(*) from mysql.global_priv where Host="localhost" and User="mariadb.sys"); + +CREATE TEMPORARY TABLE tmp_user_sys LIKE global_priv; +INSERT INTO tmp_user_sys (Host,User,Priv) VALUES ('localhost','mariadb.sys','{"access":512,"plugin":"mysql_native_password","authentication_string":"","account_locked":true,"password_last_changed":0}'); +INSERT INTO global_priv SELECT * FROM tmp_user_sys WHERE NOT @had_sys_user; +DROP TABLE tmp_user_sys;

1. This could've been simply INSERT IGNORE, I suspect

Nope, the idea is do not insert more than needed.

Why would INSERT IGNORE insert more than needed?

2. why access:512 ? It's FILE_ACL, iirc.

Because LOAD used in tests and so in reality probably, so we need FILE_ACL

We need FILE_ACL, but why mariadb.sys account needs it? mysql.user is a read-only view of the mysql.global_priv table, its owner doesn't need FILE or INSERT/UPDATE/DELETE. Regards, Sergei VP of MariaDB Server Engineering and security@mariadb.org