Bug #116622 There's no alternative way to create TRIGGER without SUPER priv
Submitted: 12 Nov 2024 3:04 Modified: 12 Nov 2024 5:33
Reporter: Tsubasa Tanaka (OCA) Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Stored Routines Severity:S4 (Feature request)
Version:8.0.40, 8.4.3, 9.1.0 OS:Any
Assigned to: CPU Architecture:Any

[12 Nov 2024 3:04] Tsubasa Tanaka 
Description:
log_bin_trust_function_creators had been deprecated on MySQL 8.0.32

https://dev.mysql.com/doc/refman/8.0/en/replication-options-binary-log.html#sysvar_log_bin...

But there's no alternative way to create TRIGGER without SUPER priv.
Once removed log_bin_trust_function_creators, there's no way to create TRIGGER without SUPER priv.

How to repeat:
mysql90 9> SELECT @@binlog_format, @@log_bin_trust_function_creators;
+-----------------+-----------------------------------+
| @@binlog_format | @@log_bin_trust_function_creators |
+-----------------+-----------------------------------+
| ROW             |                                 0 |
+-----------------+-----------------------------------+
1 row in set, 2 warnings (0.00 sec)

mysql90 9> CREATE TRIGGER tr1 BEFORE UPDATE ON t1 FOR EACH ROW INSERT INTO t3 VALUES (0, NOW());
ERROR 1419 (HY000): You do not have the SUPER privilege and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)

Suggested fix:
Now CREATE TRIGGER checks `log_bin_trust_function_creators` (will be removed), `mysql_bin_log.is_open()` (maybe many servers "true"), SUPER_ACL or SET_USER_ID priv.

https://github.com/mysql/mysql-server/blob/mysql-8.0.40/sql/sql_trigger.cc#L394-L410

Does the handling CREATE TRIGGER condition include "binlog_fomat = STATEMENT or not", as same as calling stored procedure's one?

https://github.com/mysql/mysql-server/blob/mysql-8.0.40/sql/item_func.cc#L8251-L8262
[12 Nov 2024 5:33] MySQL Verification Team 
Hello tanaka-San,

Thank you for the feature request!

regards,
Umesh