Bug #46071 | Rule "Non-Authorized User Has Server Admin Privileges" doesn't check Process_pri | ||
---|---|---|---|
Submitted: | 9 Jul 2009 1:59 | Modified: | 7 Aug 2009 9:43 |
Reporter: | Matthew Montgomery | | |
Status: | Closed | | |
Category: | MySQL Enterprise Monitor: Advisors/Rules | Severity: | S3 (Non-critical) |
Version: | 2.0.0.7071 | OS: | Any |
Assigned to: | Andy Bang | CPU Architecture: | Any |
[9 Jul 2009 1:59]
Matthew Montgomery
[16 Jul 2009 16:35]
Enterprise Tools JIRA Robot
Andy Bang writes: Added Process_priv to the list of items we check in the custom data collection item in the Agent's items-mysql-monitor.xml file. Pushed up to revision 1418.
[21 Jul 2009 15:22]
Enterprise Tools JIRA Robot
Marcos Palacios writes: Verified fixed in agent build 2.1.0.1078 in the Agent's items XML file. QA has agreed with Dev that this rule's Advice will need to be modified as well; will reopen for this additional change.
[21 Jul 2009 15:30]
Enterprise Tools JIRA Robot
Marcos Palacios writes: Reopening for the following change: QA has agreed with Dev that this rule's Advice needs to be modified by adding the 'Process' privilege to the list (as shown below): "Investigate why the following users have at least one of the admin privileges (CREATE USER, FILE, LOCK TABLES on all databases, RELOAD, SHUTDOWN, SUPER, PROCESS)".
[30 Jul 2009 17:02]
Enterprise Tools JIRA Robot
Andy Bang writes: Added PROCESS to the list of admin privileges in the advice. Pushed up to revision 289.
[4 Aug 2009 22:53]
Enterprise Tools JIRA Robot
Keith Russell writes: Patch installed in versions => 2.1.0.1085.
[5 Aug 2009 18:07]
Enterprise Tools JIRA Robot
Marcos Palacios writes: Verified fixed in advisor bundle 2.1.0.1085.
[7 Aug 2009 9:43]
Tony Bedford
An entry was added to the 2.1.0 changelog: The Rule “Non-Authorized User Has Server Admin Privileges” in the “Security” Advisor checked for the following: Create_user_priv = 'Y', File_priv = 'Y', Lock_tables_priv = 'Y', Reload_priv = 'Y', Shutdown_priv = 'Y', Super_priv = 'Y'. However, it did not include a check for the condition: Process_priv = 'Y'
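
The check discussed in this report, written out as an added example; it is not part of the original thread and not MySQL Enterprise Monitor's own query. The `demo_user` table, its rows, and the authorized-account list (`'root'`) are constructed assumptions; on a real server the same `SELECT` statements would read from `mysql.user`.

```sql
-- Constructed stand-in for the global privilege columns of mysql.user.
CREATE TEMPORARY TABLE demo_user (
  User VARCHAR(32), Host VARCHAR(60),
  Create_user_priv CHAR(1), File_priv CHAR(1), Lock_tables_priv CHAR(1),
  Reload_priv CHAR(1), Shutdown_priv CHAR(1), Super_priv CHAR(1),
  Process_priv CHAR(1)
);

-- Constructed sample accounts.
INSERT INTO demo_user VALUES
  ('root',    'localhost', 'Y','Y','Y','Y','Y','Y','Y'),  -- authorized admin (assumption)
  ('app',     '%',         'N','N','N','N','N','N','N'),  -- no admin privileges
  ('backup',  '10.0.0.5',  'N','N','Y','Y','N','N','N'),  -- LOCK TABLES + RELOAD
  ('monitor', '%',         'N','N','N','N','N','N','Y');  -- PROCESS only

-- Column list as the changelog describes it before the fix:
-- Process_priv is not tested, so a PROCESS-only account is not reported.
SELECT User, Host
FROM demo_user
WHERE 'Y' IN (Create_user_priv, File_priv, Lock_tables_priv,
              Reload_priv, Shutdown_priv, Super_priv)
  AND User NOT IN ('root');          -- authorized accounts (assumption)

-- Column list after the fix, with Process_priv included. CONCAT_WS skips
-- NULLs, so admin_privileges names only the privileges the account holds.
SELECT User, Host,
       CONCAT_WS(', ',
         IF(Create_user_priv = 'Y', 'CREATE USER', NULL),
         IF(File_priv        = 'Y', 'FILE',        NULL),
         IF(Lock_tables_priv = 'Y', 'LOCK TABLES', NULL),
         IF(Reload_priv      = 'Y', 'RELOAD',      NULL),
         IF(Shutdown_priv    = 'Y', 'SHUTDOWN',    NULL),
         IF(Super_priv       = 'Y', 'SUPER',       NULL),
         IF(Process_priv     = 'Y', 'PROCESS',     NULL)) AS admin_privileges
FROM demo_user
WHERE 'Y' IN (Create_user_priv, File_priv, Lock_tables_priv, Reload_priv,
              Shutdown_priv, Super_priv, Process_priv)
  AND User NOT IN ('root')           -- authorized accounts (assumption)
ORDER BY User, Host;
```

Comparing the two result sets on a real server shows which accounts hold PROCESS as their only global admin privilege, which is the case the original column list could not report.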