Hi, Oleksandr! On Apr 20, Oleksandr Byelkin wrote:
Hi, Oleksandr!
revision-id: 784cc5970dd (mariadb-10.4.11-68-g784cc5970dd)
parent(s): c5e00fea102
author: Oleksandr Byelkin <sanja@mariadb.com>
committer: Oleksandr Byelkin <sanja@mariadb.com>
timestamp: 2020-02-20 14:06:09 +0100
message:
MDEV-19650: Privilege bug on MariaDB 10.4
diff --git a/scripts/mysql_system_tables.sql index 29f2a4c1ef6..af852444d0c 100644 --- a/scripts/mysql_system_tables.sql +++ b/scripts/mysql_system_tables.sql @@ -33,9 +33,17 @@ CREATE TABLE IF NOT EXISTS db ( Host char(60) binary DEFAULT '' NOT NULL, Db c -- Remember for later if db table already existed set @had_db_table= @@warning_count != 0;
-CREATE TABLE IF NOT EXISTS global_priv (Host char(60) binary DEFAULT '', User char(80) binary DEFAULT '', Priv JSON NOT NULL DEFAULT '{}' CHECK(JSON_VALID(Priv)), PRIMARY KEY Host (Host,User)) engine=Aria
+CREATE TABLE IF NOT EXISTS global_priv (Host char(60) binary DEFAULT '', User char(80) binary DEFAULT '', Priv JSON NOT NULL DEFAULT '{}' CHECK(JSON_VALID(Priv)), PRIMARY KEY (Host,User)) engine=Aria
transactional=1 CHARACTER SET utf8 COLLATE utf8_bin comment='Users and global privileges'; transactional=1 CHARACTER SET utf8 COLLATE utf8_bin comment='Users and global privileges';
-CREATE DEFINER=root@localhost SQL SECURITY DEFINER VIEW IF NOT EXISTS
user AS SELECT
+set @had_sys_user= @@warning_count != 0 OR 0 <> (select count(*) from mysql.global_priv where Host="localhost" and User="mariadb.sys"); + +CREATE TEMPORARY TABLE tmp_user_sys LIKE global_priv; +INSERT INTO tmp_user_sys (Host,User,Priv) VALUES ('localhost','mariadb.sys','{"access":512,"plugin":"mysql_native_password","authentication_string":"","account_locked":true,"password_last_changed":0}'); +INSERT INTO global_priv SELECT * FROM tmp_user_sys WHERE NOT @had_sys_user; +DROP TABLE tmp_user_sys;
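Review bot: `set @had_sys_user= @@warning_count != 0 OR 0 <> (select count(*) ...)` conflates "global_priv already existed" with "mariadb.sys already exists": on an upgrade where the table is present but the account is not, @had_sys_user is true, `INSERT INTO global_priv SELECT * FROM tmp_user_sys WHERE NOT @had_sys_user` is skipped, and the definer of the user view is never created. If that is intended (left to mysql_upgrade), say so in a comment next to the SET; otherwise drop the @@warning_count term and keep only the count(*) check. Two smaller points: the subquery writes Host="localhost" and User="mariadb.sys" with double quotes while the INSERT two lines below uses single quotes; use single quotes throughout so the script does not depend on ANSI_QUOTES being off. And the hunk removes `CREATE DEFINER=root@localhost SQL SECURITY DEFINER VIEW IF NOT EXISTS` for the user view but the replacement definer line is not in the quoted excerpt, so whether the view's new definer actually has SELECT on global_priv (the row inserted above carries only access 512) cannot be checked from what is shown.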
1. This could've been simply INSERT IGNORE, I suspect
Nope, the idea is to not insert more than needed.
Why would INSERT IGNORE insert more than needed?
2. Why access:512? It's FILE_ACL, IIRC.
Because LOAD is used in tests, and so probably in reality too, so we need FILE_ACL.
We need FILE_ACL, but why does the mariadb.sys account need it? mysql.user is a read-only view of the mysql.global_priv table; its owner doesn't need FILE or INSERT/UPDATE/DELETE.

Regards,
Sergei
VP of MariaDB Server Engineering
and security@mariadb.org
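The check Sergei is asking for, as an added example that is not part of this thread or of the MariaDB scripts: decode the `access` bitmask stored in a global_priv row, list which global privileges it grants, and flag FILE on a locked service account that only exists to own a read-only view. It runs against a constructed temporary table `priv_audit` shaped like mysql.global_priv (the mariadb.sys row is copied from the patch; the `app` row is constructed); point it at mysql.global_priv to audit a real 10.4 server. Only FILE=512 is named in the thread; the other bit values are taken from the server's privilege definitions and are an assumption here, and the final UPDATE shows the shape of the correction, not the project's actual fix.

```sql
-- Constructed stand-in for mysql.global_priv (same columns as the patch's CREATE TABLE).
CREATE TEMPORARY TABLE priv_audit (
  Host char(60) binary DEFAULT '',
  User char(80) binary DEFAULT '',
  Priv JSON NOT NULL DEFAULT '{}' CHECK (JSON_VALID(Priv)),
  PRIMARY KEY (Host, User)
) engine=Aria;

-- First row is the mariadb.sys row from the patch; second row is a constructed ordinary account
-- with SELECT|INSERT (bits 1|2) so the decoder has something else to show.
INSERT INTO priv_audit (Host, User, Priv) VALUES
  ('localhost', 'mariadb.sys',
   '{"access":512,"plugin":"mysql_native_password","authentication_string":"","account_locked":true,"password_last_changed":0}'),
  ('localhost', 'app',
   '{"access":3,"plugin":"mysql_native_password","authentication_string":"","account_locked":false,"password_last_changed":0}');

-- Global privilege bits. Assumed from the 10.4 server source; the thread itself only states FILE=512.
WITH bits (bit_value, priv_name) AS (
  SELECT 1, 'SELECT' UNION ALL SELECT 2, 'INSERT' UNION ALL SELECT 4, 'UPDATE'
  UNION ALL SELECT 8, 'DELETE' UNION ALL SELECT 512, 'FILE' UNION ALL SELECT 32768, 'SUPER'
),
accounts AS (
  SELECT Host, User,
         CAST(JSON_VALUE(Priv, '$.access') AS UNSIGNED)      AS access_bits,
         JSON_VALUE(Priv, '$.account_locked') = 'true'       AS is_locked
  FROM priv_audit
)
SELECT a.User, a.Host, a.access_bits, a.is_locked,
       GROUP_CONCAT(b.priv_name ORDER BY b.bit_value) AS granted,
       (a.access_bits & 512) <> 0                      AS has_file,
       -- Sergei's point: a locked account whose only job is owning a read-only view has no business holding FILE.
       CASE WHEN a.is_locked AND (a.access_bits & 512) <> 0
            THEN 'FILE on locked view-owner account'
            ELSE 'ok' END                              AS finding
FROM accounts a
LEFT JOIN bits b ON (a.access_bits & b.bit_value) <> 0
GROUP BY a.User, a.Host, a.access_bits, a.is_locked;
-- mariadb.sys: access_bits=512, granted=FILE, finding='FILE on locked view-owner account'
-- app:         access_bits=3,   granted=SELECT,INSERT, finding='ok'

-- Shape of the correction: clear bit 512 on the service account (constructed table only;
-- on a real server this edits mysql.global_priv and must be followed by FLUSH PRIVILEGES).
UPDATE priv_audit
   SET Priv = JSON_SET(Priv, '$.access', CAST(JSON_VALUE(Priv, '$.access') AS UNSIGNED) & ~512)
 WHERE User = 'mariadb.sys' AND Host = 'localhost';
```

Run it as a user with SELECT on mysql.* (and UPDATE if you apply the last statement). The audit deliberately decodes the JSON rather than reading the mysql.user view, since in 10.4 the view is derived from global_priv and is exactly what the mariadb.sys definer exists to serve.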