Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8545

Security definer views don't work with engine's privilege checks

Details

    Description

      This is a follow-up for MDEV-7574.

      Different engines check user privileges for some reasons. For example, InnoDB and XtraDB often check PROCESS privilege in the I_S code.

      All these checks always use invoker's privileges, and don't respect SQL SECURITY DEFINER of views.

      We should extract the fix for MDEV-7574 from the CONNECT code and make it into an easy to use function that all plugins can use. And change plugins to use it.

      Attachments

        Issue Links

          is part of

          Bug - A problem which impairs or prevents the functions of the product. MDEV-20549 SQL SECURITY DEFINER does not work for INFORMATION_SCHEMA tables

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-7574 Security definer views don't work with CONNECT ODBC tables

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            serg Sergei Golubchik created issue -
            serg Sergei Golubchik made changes -
            Field Original Value New Value
            serg Sergei Golubchik made changes -
            Assignee Sergei Golubchik [ serg ]
            serg Sergei Golubchik made changes -
            Fix Version/s 10.1 [ 16100 ]
            Fix Version/s 10.0 [ 16000 ]
            serg Sergei Golubchik made changes -
            Affects Version/s 10.1 [ 16100 ]
            Affects Version/s 10.2 [ 14601 ]
            serg Sergei Golubchik made changes -
            Fix Version/s 10.2 [ 14601 ]
            serg Sergei Golubchik made changes -
            Fix Version/s 10.1 [ 16100 ]
            serg Sergei Golubchik made changes -
            Fix Version/s 10.3 [ 22126 ]
            Fix Version/s 10.4 [ 22408 ]
            serg Sergei Golubchik made changes -
            serg Sergei Golubchik made changes -
            Component/s Authentication and Privilege System [ 13101 ]
            Fix Version/s N/A [ 14700 ]
            Fix Version/s 10.2 [ 14601 ]
            Fix Version/s 10.3 [ 22126 ]
            Fix Version/s 10.4 [ 22408 ]
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Closed [ 6 ]
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 70779 ] MariaDB v4 [ 149423 ]

            People

              serg Sergei Golubchik
              serg Sergei Golubchik
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.