  1. MariaDB Server
  2. MDEV-24815

Add 'allow-suspicious-udfs' and 'skip-grant-tables' to system variables

Details

    Description

      E.g. the actual used values of allow-suspicious-udfs and skip-grant-tables can't be seen in SHOW GLOBAL VARIABLES output, and are not listed in INFORMATION_SCHEMA.SYSTEM_VARIABLES either.

      As both of these settings have security implications it should be possible to see their current value from the SQL level though, for audit / secure configuration check purposes.

      Especially with the now added GLOBAL_VALUE_ORIGIN and GLOBAL_VALUE_PATH information in I_S SYSTEM_VARIABLES, every setting that can be done via command line or my.cnf should actually be visible in SYSTEM_VARIABLES ...?
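
The audit check the description asks for, written as an added example that is not part of the original issue: a query over INFORMATION_SCHEMA.SYSTEM_VARIABLES that reports value, origin and option-file path for the two options, followed by a count of how many of them the server does not expose. The underscore variable names are an assumption about how a server implementing this request names them.

```sql
-- Added example, not from the issue itself.
-- Assumption: the two options are exposed under the underscore names below.
-- A name that returns no row is not visible at SQL level on this server and
-- has to be checked in the option files and the server command line instead.
SELECT VARIABLE_NAME,
       GLOBAL_VALUE,
       GLOBAL_VALUE_ORIGIN,   -- e.g. COMPILE-TIME, CONFIG, COMMAND-LINE
       GLOBAL_VALUE_PATH,     -- option file that set the value, if any
       CASE WHEN GLOBAL_VALUE = 'ON' THEN 'REVIEW' ELSE 'ok' END AS audit_result
FROM INFORMATION_SCHEMA.SYSTEM_VARIABLES
WHERE VARIABLE_NAME IN ('ALLOW_SUSPICIOUS_UDFS', 'SKIP_GRANT_TABLES')
ORDER BY VARIABLE_NAME;

-- How many of the two options are missing from SYSTEM_VARIABLES (0 = both visible).
SELECT 2 - COUNT(*) AS options_not_visible_at_sql_level
FROM INFORMATION_SCHEMA.SYSTEM_VARIABLES
WHERE VARIABLE_NAME IN ('ALLOW_SUSPICIOUS_UDFS', 'SKIP_GRANT_TABLES');
```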

          Activity

            hholzgra Hartmut Holzgraefe added a comment - - edited

            Replication related options

            binlog-do-db
            binlog-ignore-db
            binlog-row-event-max-size
            master-info-file
            master-retry-count
            replicate-rewrite-db
            replicate-same-server-id
            show-slave-auth-info
            skip-slave-start
            


            Bootstrap options, at least "bootstrap" and "skip-grant-tables" might be of interest, esp. the latter one, as a server should not be running for long with that one enabled. That one should definitely be testable from SQL level. wsrep_new_cluster and getopt-prefix-matching do not affect server behavior after startup, and so are of no real interest at SQL level.

            bootstrap
            console
            getopt-prefix-matching
            wsrep-new-cluster
            skip-grant-tables
            


            Unclear and deprecated cases:

            character-set-client-handshake -- only documented on MySQL side: https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_character-set-client-handshake
            init-rpl-role -- unused?, was removed upstream long ago: https://bugs.mysql.com/bug.php?id=54649
            log-short-format -- not sure yet, seems to be missing from KB page on server options, and Enterprise docs only have the usual useless stub
            port-open-timeout -- not sure yet, seems to be missing from KB page on server options, and Enterprise docs only have the usual useless stub
            temp-pool -- deprecated, so probably not worth handling
            


            Remaining cases that seem to be valid, and do not fit into other categories above:

            allow-suspicious-udfs
            aria-log-dir-path
            des-key-file
            innodb-status-file
            log-ddl-recovery
            log-isam
            log-tc
            memlock
            old-style-user-limits
            safe-user-create
            silent-startup
            skip-host-cache
            ssl
            stack-trace
            sysdate-is-now
            tc-heuristic-recover
            transaction-isolation
            transaction-read-only
            

            danblack Daniel Black added a comment -

            Thanks Tingynia for the contribution for the first part.

            Thanks hholzgra for clarifying the rest that I've hopefully paraphrased correctly in MDEV-28672.


            People

              danblack Daniel Black
              hholzgra Hartmut Holzgraefe