Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

infoschema: improve the security vunerability of TABLE_CONSTRAINTS infoschema #14037

Merged
merged 9 commits into from
Dec 13, 2019
Merged

infoschema: improve the security vunerability of TABLE_CONSTRAINTS infoschema #14037

merged 9 commits into from
Dec 13, 2019

Conversation

reafans
Copy link
Contributor

@reafans reafans commented Dec 12, 2019
edited
Loading

What problem does this PR solve?

What is changed and how it works?

before:new user can get the whole data of information_schema.TABLE_CONSTRAINTS

mysql -u root -h 127.0.0.1 -P 4000
mysql> create user tester;
mysql -u tester -h 127.0.0.1 -P 4000
mysql> use information_schema;
mysql> select * from TABLE_CONSTRAINTS;
+--------------------+-------------------+-------------------------+--------------+----------------------+-----------------+
| CONSTRAINT_CATALOG | CONSTRAINT_SCHEMA | CONSTRAINT_NAME         | TABLE_SCHEMA | TABLE_NAME           | CONSTRAINT_TYPE |
+--------------------+-------------------+-------------------------+--------------+----------------------+-----------------+
| def                | mysql             | PRIMARY                 | mysql        | columns_priv         | PRIMARY KEY     |
| def                | mysql             | PRIMARY                 | mysql        | GLOBAL_VARIABLES     | PRIMARY KEY     |
| def                | mysql             | PRIMARY                 | mysql        | tidb                 | PRIMARY KEY     |
| def                | mysql             | PRIMARY                 | mysql        | help_topic           | PRIMARY KEY     |
| def                | mysql             | name                    | mysql        | help_topic           | UNIQUE          |
| def                | mysql             | tbl                     | mysql        | stats_meta           | UNIQUE          |
| def                | mysql             | tbl                     | mysql        | stats_histograms     | UNIQUE          |
| def                | mysql             | tbl                     | mysql        | stats_buckets        | UNIQUE          |
| def                | mysql             | delete_range_index      | mysql        | gc_delete_range      | UNIQUE          |
| def                | mysql             | delete_range_done_index | mysql        | gc_delete_range_done | UNIQUE          |
| def                | mysql             | PRIMARY                 | mysql        | role_edges           | PRIMARY KEY     |
| def                | mysql             | PRIMARY                 | mysql        | default_roles        | PRIMARY KEY     |
| def                | mysql             | PRIMARY                 | mysql        | user                 | PRIMARY KEY     |
| def                | mysql             | PRIMARY                 | mysql        | db                   | PRIMARY KEY     |
| def                | mysql             | PRIMARY                 | mysql        | tables_priv          | PRIMARY KEY     |
+--------------------+-------------------+-------------------------+--------------+----------------------+-----------------+
15 rows in set (0.00 sec)

after:the new user can only get an empty set.

mysql -u tester -h 127.0.0.1 -P 4000
mysql> use information_schema;
mysql> select * from TABLE_CONSTRAINTS;
Empty set (0.00 sec)

Check List

Tests

  • Unit test
  • Integration test

Code changes

  • Has exported function/method change

Side effects

None

Related changes

None

@reafans
Copy link
Contributor Author

reafans commented Dec 12, 2019

/run all tests

@codecov
Copy link

codecov bot commented Dec 12, 2019
edited
Loading

Codecov Report

Merging #14037 into master will not change coverage.
The diff coverage is n/a.

@@             Coverage Diff             @@
##             master     #14037   +/-   ##
===========================================
  Coverage   80.2241%   80.2241%           
===========================================
  Files           482        482           
  Lines        121087     121087           
===========================================
  Hits          97141      97141           
  Misses        16215      16215           
  Partials       7731       7731

@reafans
Copy link
Contributor Author

reafans commented Dec 12, 2019

/run-all-tests

wjhuang2016
wjhuang2016 reviewed Dec 12, 2019
View reviewed changes
infoschema/tables_test.go Outdated
tk.MustExec("GRANT ALL PRIVILEGES ON mysql.gc_delete_range TO r_gc_delete_range;")
tk.MustExec("GRANT r_gc_delete_range TO constraints_tester;")
constraintsTester.MustExec("set role r_gc_delete_range")
constraintsTester.MustQuery("select * from information_schema.TABLE_CONSTRAINTS where TABLE_NAME='gc_delete_range';").Check(testkit.Rows("def mysql delete_range_index mysql gc_delete_range UNIQUE"))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can check that the result is no empty? The rows may change if we update TABLE_CONSTRAINTS in future.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed, PTAL

wjhuang2016
wjhuang2016 reviewed Dec 12, 2019
View reviewed changes
infoschema/tables.go
var rows [][]types.Datum
for _, schema := range schemas {
for _, tbl := range schema.Tables {
if checker != nil && !checker.RequestVerification(ctx.GetSessionVars().ActiveRoles, schema.Name.L, tbl.Name.L, "", mysql.AllPrivMask) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use .O instead of .L?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it doesn't matter, both can lead to the same thing, the schema.Name.L, tbl.Name.L will be converted to capital letters in this func.

@reafans
Copy link
Contributor Author

reafans commented Dec 12, 2019

/run-all-tests

@reafans reafans added component/privilege status/all tests passed type/enhancement The issue or PR belongs to an enhancement. labels Dec 12, 2019
@reafans
Copy link
Contributor Author

reafans commented Dec 12, 2019

/run-all-tests

djshow832
djshow832 reviewed Dec 12, 2019
View reviewed changes
Copy link
Contributor

@djshow832 djshow832 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@djshow832 djshow832 added the status/LGT1 Indicates that a PR has LGTM 1. label Dec 12, 2019
djshow832
djshow832 reviewed Dec 12, 2019
View reviewed changes
infoschema/tables_test.go
tk.MustExec("GRANT ALL PRIVILEGES ON mysql.gc_delete_range TO r_gc_delete_range;")
tk.MustExec("GRANT r_gc_delete_range TO constraints_tester;")
constraintsTester.MustExec("set role r_gc_delete_range")
c.Assert(len(constraintsTester.MustQuery("select * from information_schema.TABLE_CONSTRAINTS where TABLE_NAME='gc_delete_range';").Rows()), Greater, 0)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the exact count of rows? Is it unpredictable?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the count of rows doesn't matter here. We want to check that we can read something here but don't care what it is.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it can be predicted, but may be changed in the future, and what we want is whether the data can be query, not what it is.

@djshow832 djshow832 removed the status/LGT1 Indicates that a PR has LGTM 1. label Dec 12, 2019
@reafans
Copy link
Contributor Author

reafans commented Dec 13, 2019

/run-all-tests

wjhuang2016
wjhuang2016 reviewed Dec 13, 2019
View reviewed changes
Copy link
Member

@wjhuang2016 wjhuang2016 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@reafans
Copy link
Contributor Author

reafans commented Dec 13, 2019

/run-all-tests

@reafans reafans added the status/LGT1 Indicates that a PR has LGTM 1. label Dec 13, 2019
@wjhuang2016 wjhuang2016 merged commit 71a8ef2 into pingcap:master Dec 13, 2019
@reafans reafans deleted the infoschema_constraints branch December 13, 2019 06:56
@reafans reafans removed the status/LGT1 Indicates that a PR has LGTM 1. label Dec 17, 2019
@reafans reafans mentioned this pull request Dec 19, 2019
Merged
XiaTianliang pushed a commit to XiaTianliang/tidb that referenced this pull request Dec 21, 2019
@reafans @XiaTianliang
infoschema: improve the security vunerability of TABLE_CONSTRAINTS in…
c6fa069 
…foschema (pingcap#14037)
@reafans
Copy link
Contributor Author

reafans commented Jan 2, 2020

/run-all-tests tidb-test=pr/973

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djshow832 djshow832 djshow832 left review comments

@wjhuang2016 wjhuang2016 wjhuang2016 approved these changes

Assignees
No one assigned
Labels
component/privilege type/enhancement The issue or PR belongs to an enhancement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@reafans @wjhuang2016 @djshow832