Details
-
Task
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
None
Description
Currently, mysql_install_db provides default access to the test database by inserting some rows into the mysql.db table for the ''@'%' user account, but it does not insert any rows into the mysql.user table for that user account.
These rows are currently inserted by the scripts/mysql_test_db.sql script:
https://github.com/MariaDB/server/blob/mariadb-10.4.8/scripts/mysql_test_db.sql#L18
This method has some negative consequences. See MDEV-13486 for more information.
If we implement GRANT ... TO PUBLIC, then we should change mysql_install_db, so that mysql_install_db uses that instead.
i.e.:
GRANT ALL PRIVILEGES ON `test`.* TO PUBLIC; |
GRANT ALL PRIVILEGES ON `test\_%`.* TO PUBLIC; |
Note: this comes with a subtle change in behavior. Currently, the way MariaDB/MySQL privilege system works, if one is explicitly granted any privilege on test db, it'll mask anonymous privileges. In other words, some joe@host user has full access to test database by default. But after, for example,
GRANT SELECT ON test.* to joe@host |
He'll have only SELECT privilege, losing everything else.
After this task is implemented and access to test will be granted to PUBLIC, the above behavior will go away, granting privileges will not cause existing privileges to disappear.
Also, SHOW GRANTS will show PUBLIC privileges on test, while it was not doing that before.
Attachments
Issue Links
- blocks
-
MDEV-20259 mysql_secure_installation should use DDL and DCL instead of DML
-
- Open
-
- is blocked by
-
-
- Closed
-
- relates to
-
-
- Closed
-