maria-developers team mailing list archive

Thread
Date

Re: 88f8aa20bba: MDEV-23486 RBR can bypass secure_timestamp=YES

To: Aleksey Midenkov <midenok@xxxxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Sun, 9 Jan 2022 14:53:08 +0100
Cc: maria-developers@xxxxxxxxxxxxxxxxxxx
In-reply-to: <DbQoa3HfmpC.A.1BC.sfu2hB@pweza>

Hi, Aleksey!

On Jan 09, Aleksey Midenkov wrote:
> revision-id: 88f8aa20bba (mariadb-10.3.31-79-g88f8aa20bba)
> parent(s): d5451867af1
> author: Aleksey Midenkov
> committer: Aleksey Midenkov
> timestamp: 2021-12-23 04:15:39 +0300
> message:
> 
> MDEV-23486 RBR can bypass secure_timestamp=YES
> 
> Pass to a slave whether master table is system-versioned via
> TM_SYSTEM_VERSIONED flag. That deprecates m_vers_from_plain
> detection. If secure_timestamp == YES or master did not supply row_end
> data treat the row as current data and generate timestamps for it.

I don't understand why does it matter whether the master is system
versioned or not.

secure_timestamp=YES means the table has to store actual timestamps when
rows were changed. It doesn't trust the master to set timestamps. So
it should not matter whether master table is versioned or not, if you
don't trust the master, you cannot trust its TM_SYSTEM_VERSIONED flag
either. Even if the table was system versioned on the master, the master
could've had secure_timestamp=NO and a completely fake history.

Regards,
Sergei
VP of MariaDB Server Engineering
and security@xxxxxxxxxxx

Follow ups

Re: 88f8aa20bba: MDEV-23486 RBR can bypass secure_timestamp=YES
From: Aleksey Midenkov, 2022-03-26