maria-developers team mailing list archive
Message #09771
Re: When SP DEFINER is empty.
Hi, Alexey!
I think, specify a non-empty DEFINER explicitly.
Doesn't matter which one, it's mysql_install_db, so there are few
definers that are guaranteed to exist (as they are created by
mysql_install_db itself), use one of those, for example, root@localhost.
Those procedures are SQL SECURITY INVOKER anyway.
On Jun 25, Alexey Botchkov wrote:
>
> I'm in doubt about how this one should be fixed:
>
> https://jira.mariadb.org/browse/MDEV-10119
>
> The story goes like this:
>
> - mysql_install_db script runs 'mysqld --skip-grant-tables'
>
> In this case the 'current_user()' seems to be empty.
>
> - so the CREATE PROCEDURE command in the bootstrap creates the procedure
> with the empty DEFINER.
>
> - as a result, the 'SHOW CREATE PROCEDURE' returns a query starting with
>
> 'CREATE DEFINER=`` PROCEDURE...',
>
> - that DEFINER=`` gives an error when fed to the server.
>
> That can be fixed at any stage. We can do any of these:
>
> - set some 'current_user()' to be not empty even with the
> --skip-grant-tables option
>
> - specify some non-empty DEFINER for the CREATE PROCEDURE statement
>
> (in both options it's not that clear what user that could be)
>
> - fix the SHOW CREATE PROCEDURE statement so it doesn't add the
> erroneous DEFINER=`` to the query.
>
> - make the server handle the 'DEFINER=``' with no error. Maybe assigning
> the 'current_user()' in this case.
>
> So, what can you recommend as a fix in this case?
>
> Best regards.
> HF
Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx
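
A check for the condition discussed in this thread, as an added example (not part of the original messages and not MariaDB code): it scans routine definitions, such as SHOW CREATE PROCEDURE output or a bootstrap script, for an empty or missing DEFINER and reports the SQL SECURITY mode. The sample statements and routine names are constructed for illustration.

```python
import re

# Head of a routine definition as printed by SHOW CREATE PROCEDURE/FUNCTION or
# written in a bootstrap script. The DEFINER clause is optional.
ROUTINE_RE = re.compile(
    r"CREATE\s+(?:OR\s+REPLACE\s+)?"
    r"(?:DEFINER\s*=\s*(?P<definer>`[^`]*`(?:\s*@\s*`[^`]*`)?|\S+)\s+)?"
    r"(?P<kind>PROCEDURE|FUNCTION)\s+(?:IF\s+NOT\s+EXISTS\s+)?"
    r"(?P<name>`[^`]+`(?:\.`[^`]+`)?|[\w.]+)",
    re.IGNORECASE,
)
SECURITY_RE = re.compile(r"SQL\s+SECURITY\s+(DEFINER|INVOKER)", re.IGNORECASE)

def audit_routines(sql):
    """Return (name, definer, security, status) for each routine found in sql."""
    findings = []
    matches = list(ROUTINE_RE.finditer(sql))
    for i, m in enumerate(matches):
        # Look for SQL SECURITY only up to the next routine definition.
        end = matches[i + 1].start() if i + 1 < len(matches) else len(sql)
        sec = SECURITY_RE.search(sql, m.end(), end)
        security = sec.group(1).upper() if sec else "DEFINER"  # server default
        definer = m.group("definer")
        if definer is None:
            status = "implicit"  # no clause: the server fills in the creating user
        else:
            definer = definer.replace("`", "").replace(" ", "")
            user = definer.split("@")[0]
            # DEFINER=`` is the form the thread reports as rejected on reload.
            status = "empty-definer" if user == "" else "ok"
        name = m.group("name").replace("`", "")
        findings.append((name, definer, security, status))
    return findings

# Constructed sample input; routine names are hypothetical.
SAMPLE = """
CREATE DEFINER=`` PROCEDURE `sample_a`(t_name varchar(64))
    SQL SECURITY INVOKER
begin select 1; end;
CREATE DEFINER=`root`@`localhost` PROCEDURE `sample_b`(t_name varchar(64))
    SQL SECURITY INVOKER
begin select 1; end;
CREATE PROCEDURE demo.sample_c() begin select 1; end;
"""

if __name__ == "__main__":
    for row in audit_routines(SAMPLE):
        print(row)
```

A routine reported as `implicit` has no DEFINER clause, so it takes whatever user the creating session has, which the thread says is empty under `--skip-grant-tables`.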