[MDEV-18053] INSTALL PLUGIN FORCE needed to override @@plugin_maturity Created: 2018-12-21  Updated: 2019-03-04  Resolved: 2019-03-04

Status: Closed
Project: MariaDB Server
Component/s: Plugins
Fix Version/s: N/A

Type: Task Priority: Minor
Reporter: Federico Razzoli Assignee: Sergei Golubchik
Resolution: Won't Fix Votes: 0
Labels: None


 Description   

@@plugin_maturity is a readonly variable.

I believe it is reasonable to only allow mature plugins in a server, but then decide to make an exception for a specific case. A DBA is supposed to know what usage will be done, and understand the risk.

I suggest to implement a INSTALL PLUGIN FORCE syntax, that overrides @@plugin_maturity for a specific plugin. Since such syntax could be used improperly by tools that run as root, I also suggest to write a warning in the error log whenever @@plugin_maturity is overridden - hopefully, the diligent DBA monitors that file and will check if she wants that plugin.

Please keep in mind that currently, if a DBA wants to achieve the same, has to restart the server twice: to set a lower plugin_maturity and install the plugin, and then to restore the old plugin maturity.

 Comments   
Comment by Sergei Golubchik [ 2019-03-04 ]

@@plugin_maturity was intentionally made read-only. Precisely, the point is to disallow loading immature plugins. Allowing a DBA to bypass it defeats the whole purpose. Nobody but DBA can load plugins anyway, it requires a SUPER privilege. If the only person who is restricted by this variable, can also bypass it at will — this variable does not protect anything.

Generated at Thu Feb 08 08:41:08 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.