[MDEV-13353] CONNECT engine table_type=JDBC should not require FILE priv - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 10.1.25
Fix Version/s: 10.0.35, 10.1.32, 10.2.14, 10.3.6
Component/s: Storage Engine - Connect
Labels:
None
Environment:
CentOS7 on Google Compute Engine

Description

For security reasons it would be great if we did not have to grant FILE permission to everyone who uses a CONNECT JDBC table. Currently we have to grant FILE to all users, even non-administrators, which increases the chance of data being leaked by accident. We do use secure_file_priv to help this, but ideally no user would need FILE priv, or if that isn't possible for some reason, at least not require FILE to use a connect JDBC table.

Attachments

Issue Links

is duplicated by

MDEV-4500 ConnectSE: Excessive FILE privilege requirement for read-only operations

Open

Activity

Ascending order - Click to sort in descending order

View 11 older comments

Sergei Golubchik added a comment - 2018-03-09 11:06

I vaguely remember that one can read text and csv files via ODBC, using "Text Driver". Is that correct?
This was the reason for requiring FILE privilege for ODBC.

Sergei Golubchik added a comment - 2018-03-09 11:06 I vaguely remember that one can read text and csv files via ODBC, using "Text Driver". Is that correct? This was the reason for requiring FILE privilege for ODBC.

Robert Dyas added a comment - 2018-03-21 17:54

I think that is possible, but the person configuring the environment and install the drivers would be "responsible" for installing or not installing such a driver in this case. I don't think its a direct security concern of CONNECT, but could be a vulnerability if someone installed such a driver as the driver can run arbitrary code. Possibly worth documenting in a "Security Considerations" section.

Robert Dyas added a comment - 2018-03-21 17:54 I think that is possible, but the person configuring the environment and install the drivers would be "responsible" for installing or not installing such a driver in this case. I don't think its a direct security concern of CONNECT, but could be a vulnerability if someone installed such a driver as the driver can run arbitrary code. Possibly worth documenting in a "Security Considerations" section.

Olivier Bertrand added a comment - 2018-03-23 11:46

Text Driver is a 32 bit Windows only driver incompatible with 64 bit applications. All servers on Linux are not concerned, only Windows 32 bit ones (unless accessed via the ODBC-ODBC Easysoft driver).
Eventually, file privilege could be restored for Windows servers for ODBC. What do you think?

Olivier Bertrand added a comment - 2018-03-23 11:46 Text Driver is a 32 bit Windows only driver incompatible with 64 bit applications. All servers on Linux are not concerned, only Windows 32 bit ones (unless accessed via the ODBC-ODBC Easysoft driver). Eventually, file privilege could be restored for Windows servers for ODBC. What do you think?

Robert Dyas added a comment - 2018-03-23 15:22

better to not require it in my opinion.

Robert Dyas added a comment - 2018-03-23 15:22 better to not require it in my opinion.

Robert Dyas added a comment - 2018-03-27 19:48

I'm not seeing this as fixed in the 10.2.14 change log:

https://mariadb.com/kb/en/library/mariadb-10214-changelog/

Robert Dyas added a comment - 2018-03-27 19:48 I'm not seeing this as fixed in the 10.2.14 change log: https://mariadb.com/kb/en/library/mariadb-10214-changelog/

People

Assignee:: Olivier Bertrand

Reporter:: Robert Dyas

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2017-07-19 15:11

Updated:: 2018-04-26 12:15

Resolved:: 2018-02-26 21:50

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server