[MDEV-18328] Make DISKS plugin check some privilege to access information_schema.DISKS table - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Fix Version/s: 10.2.26, 10.1.41, 10.3.17, 10.4.7
Component/s: Information Schema, Plugins
Labels:
None

Description

The documentation for the information_schema.DISKS table says the following:

This plugin does not check user privileges. When it is enabled, any user can query the INFORMATION_SCHEMA.DISKS table and see all the information it provides.

https://mariadb.com/kb/en/library/information-schema-disks-table/

It seems like this table should be protected by some privilege. Maybe FILE and/or SUPER privileges would be appropriate?

Attachments

Issue Links

relates to

MDEV-14533 Provide information_schema tables using which hardware information can be obtained.

Closed

Activity

People

Assignee:: Oleksandr Byelkin

Reporter:: Geoff Montee (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2019-01-21 23:01

Updated:: 2019-06-19 08:21

Resolved:: 2019-06-19 08:21

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.