[MDEV-5245] Audit plugin reveals user lists to unprivileged users
Created: 2013-11-05 | Updated: 2023-04-24 | Resolved: 2023-04-24

Status: Closed
Project: MariaDB Server
Component/s: Plugin - Audit
Fix Version/s: N/A
Type: Task
Priority: Major
Reporter: Elena Stepanova
Assignee: Unassigned
Resolution: Won't Do
Votes: 0
Labels: None
Issue Links:
Description

It's not a bug from the coding perspective, but possibly a specification one, or at least a point for consideration. When server_audit_excl_users or server_audit_incl_users are configured, they (as other variables) are visible to any database user, even the least privileged ones. Thus a user gets access to other users' login names and audit settings, which is probably not a good idea in production. At the moment I don't have any suggestions on how to make it better; I'm not sure if there are any mechanisms to hide a system variable's contents from a user.
Comments

Comment by Sergei Golubchik [ 2015-01-26 ]

I could think of a workaround. E.g. keep the variable value (the string that's shown in I_S and SHOW) always empty; the update callback will update internal filters but not the user-visible variable value. That's kind of bad, because the user won't see the current filter. It can be exported via another status variable, and there SHOW_FUNC will check privileges and only show the filter to a SUPER user. The main question — is this something we want to do?
Comment by Ralf Gebhardt [ 2023-04-24 ]

With MariaDB Enterprise Audit, server_audit_excl_users and server_audit_incl_users are not used anymore; system tables are used instead to define filters.