Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-5245

Audit plugin reveals user lists to unprivileged users

Details

    Description

      It's not a bug from the coding perspective, but possibly a specification one, or at least a point for consideration.

      When server_audit_excl_users or server_audit_incl_users are configured, they (as other variables) are visible to any database user, even the least privileged ones. Thus a user gets access to other users' login names and audit settings which is probably not a good idea in production.

      At the moment I don't have any suggestions on how to make it better, I'm not sure if there are any mechanisms to hide a system variable contents from a user.

      Attachments

        Issue Links

          is part of

          Task - A task that needs to be done. MDEV-5983 Auditing plugin v2.0

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Task - A task that needs to be done. MDEV-4472 Auditing Plugin

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            serg Sergei Golubchik added a comment -

            I could think of a workaround. E.g. keep the variable value (the string that's shown in I_S and SHOW) always empty, the update callback will update internal filters but not the user-visible variable value.

            That's kind of bad, because the user won't see the current filter.

            It can be exported via another status variable, and there SHOW_FUNC will check privileges and only show the filter to a SUPER user.

            The main question — is is something we want to do?

            serg Sergei Golubchik added a comment - I could think of a workaround. E.g. keep the variable value (the string that's shown in I_S and SHOW) always empty, the update callback will update internal filters but not the user-visible variable value. That's kind of bad, because the user won't see the current filter. It can be exported via another status variable, and there SHOW_FUNC will check privileges and only show the filter to a SUPER user. The main question — is is something we want to do?
            ralf.gebhardt Ralf Gebhardt added a comment -

            With MariaDB Enterprise Audit server_audit_excl_users and server_audit_incl_users are not used anymore, system tables are used instead to define filters

            ralf.gebhardt Ralf Gebhardt added a comment - With MariaDB Enterprise Audit server_audit_excl_users and server_audit_incl_users are not used anymore, system tables are used instead to define filters

            People

              Unassigned Unassigned
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.