Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-17178

plugin_maturity cannot be set dynamic

Details

    Description

      Plugin Maturity variable (plugin_maturity) cannot be set dynamically (as documented).

      SQL> set session plugin_maturity=beta;
      ERROR 1238 (HY000): Variable 'plugin_maturity' is a read only variable
      SQL> set global plugin_maturity=beta;
      ERROR 1238 (HY000): Variable 'plugin_maturity' is a read only variable

      This is very inconvenient and does not follow the approach of "everything can be configured online".

      Attachments

        Activity

          This is quite intentional and it's done to clearly separate areas of responsibility.

          There is someone with OS level access, this someone can copy new plugins into plugin-dir and can edit my.cnf or restart mysqld with different command-line options. This someone has the necessary level of access to decide what code is executed within the mysqld process. This someone can even replace mysqld binary, if desired.

          And there is another person with DB-level access, that can connect to the running mysqld, but doesn't have a (privileged) shell access. This person should not be able to load plugins that were not allowed by the first someone. Crossing this boundary, going from DB-level to OS-level is a security violation.

          serg Sergei Golubchik added a comment - This is quite intentional and it's done to clearly separate areas of responsibility. There is someone with OS level access, this someone can copy new plugins into plugin-dir and can edit my.cnf or restart mysqld with different command-line options. This someone has the necessary level of access to decide what code is executed within the mysqld process. This someone can even replace mysqld binary, if desired. And there is another person with DB-level access, that can connect to the running mysqld, but doesn't have a (privileged) shell access. This person should not be able to load plugins that were not allowed by the first someone. Crossing this boundary, going from DB-level to OS-level is a security violation.

          People

            serg Sergei Golubchik
            oli Oli Sennhauser
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.