[MXS-633] Galera Monitor should not require the REPLICATION CLIENT privilege Created: 2016-03-21 Updated: 2016-03-30 Resolved: 2016-03-30 |
|
| Status: | Closed |
| Project: | MariaDB MaxScale |
| Component/s: | galeramon, ndbclustermon |
| Affects Version/s: | 1.4.0 |
| Fix Version/s: | 2.0.0 |
| Type: | Bug | Priority: | Major |
| Reporter: | Kolbe Kegel (Inactive) | Assignee: | markus makela |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Description |
|
The Galera monitor itself does not need the REPLICATION CLIENT privilege, since it has no reason to execute SHOW SLAVE STATUS. Nevertheless, core/monitor.c contains a hardcoded check for this privileged used for all modules. Granting unnecessary privileges is a security risk, so advice to do so should be avoided. The permissions required for each monitor should probably be defined by each monitor, not in a central location. |
| Comments |
| Comment by markus makela [ 2016-03-30 ] |
|
The modules now do the permission checks themselves and only for the privileges they need. |