[MDEV-8276] Information leakage in information_schema TokuDB_* tables Created: 2015-06-06 Updated: 2022-09-08 |
|
| Status: | Confirmed |
| Project: | MariaDB Server |
| Component/s: | Storage Engine - TokuDB |
| Affects Version/s: | 10.0.19, 5.5, 10.0, 10.1 |
| Fix Version/s: | 10.1 |
| Type: | Bug | Priority: | Minor |
| Reporter: | Alexander Loginov | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | tokudb, upstream | ||
| Environment: |
Debian 7 64-bit |
||
| Description |
|
In information_schema in TokuDB_* tables every basic user with access can view other TokuDB databases, tables, keys names and some other minor information of ALL other users in current MySQL instance (including where user have NO access). I doubt that it's correct behaviour as other table types does not leak any information. |
| Comments |
| Comment by Elena Stepanova [ 2015-06-08 ] |
|
Thanks for the report. Same with MySQL-5.5.41-TokuDB, so it's an upstream issue (upstream being TokuDB in this case). Assigning to prohaska7 to comment or decide on further action. |
| Comment by Daniel Black [ 2018-01-01 ] |
|
https://jira.percona.com/projects/TDB/issues/TDB-85?filter=allopenissues couldn't find an existing issue, Profforg can you create one please? |