Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
12.0.1
-
None
-
Ubuntu 22.04, docker image mariadb:12.0.1-rc
-
Q4/2025 Server Maintenance
Description
The permission check of LOAD INDEX INTO CACHE and CACHE INDEX commands is broken. A user without permissions on target tables can also execute these commands. It can be reproduced on the latest docker image mariadb:12.0.1-rc.
Steps to reproduce:
1. Use the root user to create a table with MyISAM engine, and create an empty user:
-- login as the root user
|
CREATE TABLE mysql.tbl (c INT PRIMARY KEY) ENGINE = MyISAM; |
CREATE USER foo; |
2. Use the foo user to execute the LOAD INDEX INTO CACHE and CACHE INDEX commands:
-- login as the foo user
|
CACHE INDEX mysql.tbl IN default; |
LOAD INDEX INTO CACHE mysql.tbl KEY (PRIMARY); |
The execution result is:
MariaDB [(none)]> CACHE INDEX mysql.tbl IN default;
|
+-----------+--------------------+----------+----------+
|
| Table | Op | Msg_type | Msg_text |
|
+-----------+--------------------+----------+----------+
|
| mysql.tbl | assign_to_keycache | status | OK |
|
+-----------+--------------------+----------+----------+
|
1 row in set (0.001 sec)
|
 |
MariaDB [(none)]> LOAD INDEX INTO CACHE mysql.tbl KEY (PRIMARY);
|
+-----------+--------------+----------+----------+
|
| Table | Op | Msg_type | Msg_text |
|
+-----------+--------------+----------+----------+
|
| mysql.tbl | preload_keys | status | OK |
|
+-----------+--------------+----------+----------+
|
1 row in set (0.000 sec)
|
It shows that these commands are successfully executed by the foo user. However, the foo user does not have any permissions:
MariaDB [(none)]> show grants;
|
+---------------------------------+
|
| Grants for foo@% |
|
+---------------------------------+
|
| GRANT USAGE ON *.* TO `foo`@`%` |
|
+---------------------------------+
|
1 row in set (0.000 sec)
|
So the permission check of LOAD INDEX INTO CACHE and CACHE INDEX commands seems broken.