maria-developers team mailing list archive

[Alexey Botchkov <holyfoot@xxxxxxxxxxx>]

I still like my approach.

> A plugin name is already known inside the plugin,
> the server should determine it automatically.

Firstly I don't see any good way for the service to know the
name of the plugin that called the mysql_real_connect_local.
Technically this call doesn't even have to be hard linked to a plugin.
Can be just done by a part of the server.

Then why limit the plugin like this? That doesn't add much to the security
as the
plugin can replace that string anyway.

Also one plugin can have more than one connection and
I can imagine that different usernames for these connections ake sence.

> current_user is the name of the user account and it's used in
> many places as such. Try, for example, to create a view or a stored
> procedure. Who will be a definer?
If not specified, the definer is going to be username@''.
And as a result the view or the procedure will be not functional.
But i think it's rather correct. The user of the SQL service has to specify
the definer explicitly.

> Setting only user() might be ok.
I can agree with that. Setting the ctx->user only.
In this case the DEFINER of the view/procedure is going to be empty
if not explicitly specified.
Though don't see any advantage to what is now.

Best regards.
HF

On Fri, Mar 4, 2022 at 1:08 PM Sergei Golubchik <serg@xxxxxxxxxxx> wrote:

> Hi, Alexey,
>
> On Mar 04, Alexey Botchkov wrote:
> > revision-id: 14cc679c95e (mariadb-10.7.2-8-g14cc679c95e)
> > parent(s): 33fd136c61b
> > author: Alexey Botchkov
> > committer: Alexey Botchkov
> > timestamp: 2022-02-15 11:35:18 +0400
> > message:
> >
> > MDEV-27831 Let the SQL SERVICE user set the current user name.
> >
> > The 'user' argument added to the mysql_real_connect_local.
>
> I think this is wrong on many levels.
>
> A plugin name is already known inside the plugin, you shouldn't force
> the plugin to pass its own name as an argument in multiple places, the
> server should determine it automatically.
>
> You should not set current_user to an arbitrary string for audit plugin
> to see it. current_user is the name of the user account and it's used in
> many places as such. Try, for example, to create a view or a stored
> procedure. Who will be a definer?
>
> Setting only user() might be ok. Setting @@proxy_user or @@external_user
> is even better, if your audit plugin can show them. @@external_user
> would be the best, I think it's purely informational.
>
> Regards,
> Sergei
> VP of MariaDB Server Engineering
> and security@xxxxxxxxxxx
>
> _______________________________________________
> Mailing list: https://launchpad.net/~maria-developers
> Post to     : maria-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~maria-developers
> More help   : https://help.launchpad.net/ListHelp
>