[MDEV-18328] Make DISKS plugin check some privilege to access information_schema.DISKS table Created: 2019-01-21 Updated: 2019-06-19 Resolved: 2019-06-19 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Information Schema, Plugins |
| Fix Version/s: | 10.2.26, 10.1.41, 10.3.17, 10.4.7 |
| Type: | Task | Priority: | Critical |
| Reporter: | Geoff Montee (Inactive) | Assignee: | Oleksandr Byelkin |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Issue Links: |
|
||||||||||||
| Description |
|
The documentation for the information_schema.DISKS table says the following:
https://mariadb.com/kb/en/library/information-schema-disks-table/ It seems like this table should be protected by some privilege. Maybe FILE and/or SUPER privileges would be appropriate? |
| Comments |
| Comment by Daniel Black [ 2019-01-22 ] | |
|
I think a global "read only" privilege like 'PROCESS' or 'SHOW DATABASES' as reading this table is of lower level sensitivity. | |
| Comment by Geoff Montee (Inactive) [ 2019-01-23 ] | |
|
Good point. Maybe FILE or SUPER would be overkill for this table. | |
| Comment by Oleksandr Byelkin [ 2019-06-08 ] | |
|
I made it with FILE | |
| Comment by Sergei Golubchik [ 2019-06-11 ] | |
|
It must be an empty table, not an error (you can do a warning or a note, perhaps, I'm not sure about it). SQL Standard is very clear that any user can always select from information_schema tables, they all have
For example, if a user selects from I_S.TABLES, he doesn't get an error when there's a table he has no privileges on — he simply doesn't see that table in the output. This is the standard I_S behavior, anyone can select, but users don't see information about objects they have no privileges on. | |
| Comment by Oleksandr Byelkin [ 2019-06-11 ] | |
|
fixed | |
| Comment by Sergei Golubchik [ 2019-06-18 ] | |
|
ok to push |