Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-37652

Remote procedures executed by mariadb-dump - cannot backup common_schema

    XMLWordPrintable

Details

    • Not for Release Notes

    Description

      I noticed that when common-schema is installed (which is a collection of views and stored procedures) mariadb-dump produces an error:

      mariadb-dump --no-defaults --no-data   --skip-ssl    --skip-add-locks  --ignore-table=mysql.proc  --ignore-table=mysql.procs_priv  --ignore-table=mysql.gtid_replica_pos  --ignore-table=mysql.gtid_slave_pos  --ignore-table=mysql.help_keyword  --ignore-table=mysql.help_relation  --ignore-table=mysql.help_topic  --ignore-table=mysql.slow_log  --ignore-table=mysql.general_log  --ignore-table=mysql.event   --master-data=2  --gtid   --skip-triggers --routines --events --user=asyncrep_dump_temp --password=redacted --host=10.10.10.10 --port=3306  --ignore-database=mysql   --all-databases  >> /var/tmp/asyncreplication//dump-from-primary-connection.sql.gz
      		 
       
      		 
          "stderr": "mariadb-dump: Couldn't execute 'SHOW FIELDS FROM `_processlist_grantees_exploded`': execute command denied to user 'asyncrep_dump_temp'@'%' for routine 'common_schema.match_grantee' (1370)",
      		 
       
      		 
      MariaDB [common_schema]> show create view _processlist_grantees_exploded\G
      		 
      *************************** 1. row ***************************
      		 
                      View: _processlist_grantees_exploded
      		 
               Create View: CREATE ALGORITHM=MERGE DEFINER=`root`@`localhost` SQL SECURITY INVOKER VIEW `_processlist_grantees_exploded` AS select `processlist_grantees`.`ID` AS `id`,`processlist_grantees`.`sql_kill_query` AS `sql_kill_query`,`processlist_grantees`.`sql_kill_connection` AS `sql_kill_connection`,`processlist_grantees`.`GRANTEE` AS `grantee`,concat(`processlist_grantees`.`grantee_user`,'@',`processlist_grantees`.`grantee_host`) AS `unqualified_grantee`,`processlist_grantees`.`grantee_host` AS `grantee_host`,`processlist_grantees`.`grantee_user` AS `grantee_user`,concat('\'',`processlist_grantees`.`USER`,'\'@\'',substring_index(`processlist_grantees`.`HOST`,':',1),'\'') AS `qualified_user_host`,concat(`processlist_grantees`.`USER`,'@',substring_index(`processlist_grantees`.`HOST`,':',1)) AS `unqualified_user_host`,substring_index(`processlist_grantees`.`HOST`,':',1) AS `hostname`,`processlist_grantees`.`USER` AS `user` from `common_schema`.`processlist_grantees`
      		 
      character_set_client: utf8mb3
      		 
      collation_connection: utf8mb3_general_ci

      I don't see where the procedure the error is about comes about in the dump.

      I think it should not be needed that my dump user has EXECUTE priviledge. I believe this is a security issue, possible to elevate one's permissions in a common scenario:

      • Unpriviledged user sets up the same as in my situation (I suspect it is a view or table with a function in there or a virtual column to a function)
      • Dump runs as priviledged user (yes, not recommended but many people do this)
      • Function or virtual column expression is executed as priviledged user
      • Malicious function can read priviledged data

      Thank you.

      Attachments

        Issue Links

          links to

          Web Link common_schema

          Activity

            People

              Unassigned Unassigned
              michaeldg Michaël de groot
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.