mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00

MDEV-17456 Malicious SUPER user can possibly change audit log configuration without leaving traces.

The 'SET server_audit_logging ' statements should be logged no matter
what.
Alexey Botchkov
2019-04-29 01:25:17 +04:00
parent cd26cdcd97
commit a529188e05
3 changed files with 10 additions and 3 deletions


@ -212,6 +212,8 @@ select 2;
2
2
drop table t1;
set global server_audit_logging= off;
set global server_audit_logging= on;
set global server_audit_events='';
set global server_audit_query_log_limit= 15;
select (1), (2), (3), (4);
@ -378,6 +380,7 @@ TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'SET PASSWORD FOR u1=<secret>',ID
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u3 IDENTIFIED BY *****',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop user u1, u2, u3',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'insert into t1 values (1), (2)',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'set global server_audit_logging= off',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'set global server_audit_events=\'\'',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'set global serv',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'select (1), (2)',0
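Review bot: The expected audit log goes from `'set global server_audit_logging= off'` straight to `'set global server_audit_events=\'\''`, so the `set global server_audit_logging= on` that follows it in the first hunk leaves no record, and this result file now pins that behaviour. Someone reading the log can see when auditing was disabled but not when it resumed, which seems to fall short of the "no matter what" in the commit description; if that asymmetry is intended, it deserves a comment in the test source (not visible on this page). The off/on pair also appears to run back to back, so nothing here checks that a statement issued while logging is off stays out of the log while the toggle itself is kept. A marker statement between the two, for example `select 'issued while logging is off';` (constructed example), with no matching line in the expected log, would cover that.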