[debian-mysql] Backporting the mysql_no_login plugin
Norvald H. Ryeng
norvald.ryeng at oracle.com
Fri Oct 24 07:49:34 UTC 2014
Hi package maintainers,
We have a new plugin in MySQL 5.7 that makes it possible to have
accounts that can't log in:
CREATE USER foo at localhost IDENTIFIED WITH 'mysql_no_login';
The mysql_no_login plugin simply denies all login attempts. This is
useful for users that are created, e.g., to serve as proxy users, or
as owners of stored programs/functions, views or events.
This new plugin doesn't fix known security defects in the server, but
does provide new and better means to harden security. Best practices
for security include application of least-required privileges, and in
some cases, that means no client connections for privileged
accounts. This new plugin provides means to implement such
restrictions in a standard way.
Because of the security benefits, we'd like to discuss backporting it
to 5.6. Like you, we don't like big changes to GA releases, but this
time we think it has a good use case, it's safe and has a very low
risk of regressions:
- Since this is a plugin, it doesn't touch server code
- All new code is in a plugin that must be enabled explicitly by the
DBA
- The code itself is very simple. It's only one line of "real" code
(unconditionally return authentication failure), plus necessary
plugin plumbing to fill out the plugin API.
If we backport this to 5.6, there are multiple ways to avoid it:
- Apply a patch from us to remove the plugin
- Don't build it
- Build it, but don't ship it
- Build and ship it, but don't use it (in any case, the DBA has to
enable it and alter the user accounts to use it)
So what do you think about backporting this? The only thing you'll
notice is one more file in the plugins directory.
Regards,
Norvald
More information about the pkg-mysql-maint
mailing list