maria-developers team mailing list archive

Thread
Date

Re: 14cc679c95e: MDEV-27831 Let the SQL SERVICE user set the current user name.

To: Alexey Botchkov <holyfoot@xxxxxxxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Fri, 4 Mar 2022 10:07:37 +0100
Cc: maria-developers@xxxxxxxxxxxxxxxxxxx
In-reply-to: <c-o0iAna7XJ.A.X8D.1SdIiB@pweza>

Hi, Alexey,

On Mar 04, Alexey Botchkov wrote:
> revision-id: 14cc679c95e (mariadb-10.7.2-8-g14cc679c95e)
> parent(s): 33fd136c61b
> author: Alexey Botchkov
> committer: Alexey Botchkov
> timestamp: 2022-02-15 11:35:18 +0400
> message:
> 
> MDEV-27831 Let the SQL SERVICE user set the current user name.
> 
> The 'user' argument added to the mysql_real_connect_local.

I think this is wrong on many levels.

A plugin name is already known inside the plugin, you shouldn't force
the plugin to pass its own name as an argument in multiple places, the
server should determine it automatically.

You should not set current_user to an arbitrary string for audit plugin
to see it. current_user is the name of the user account and it's used in
many places as such. Try, for example, to create a view or a stored
procedure. Who will be a definer?

Setting only user() might be ok. Setting @@proxy_user or @@external_user
is even better, if your audit plugin can show them. @@external_user
would be the best, I think it's purely informational.

Regards,
Sergei
VP of MariaDB Server Engineering
and security@xxxxxxxxxxx

Follow ups

Re: 14cc679c95e: MDEV-27831 Let the SQL SERVICE user set the current user name.
From: Alexey Botchkov, 2022-04-04