Bug #34053 normal users can enable innodb_monitor logging
Submitted: 25 Jan 2008 13:14 Modified: 20 Jun 2010 0:52
Reporter: Shane Bester (Platinum Quality Contributor) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: InnoDB storage engine Severity:S3 (Non-critical)
Version:5.0.54, 5.1.24, 6.0 OS:Any
Assigned to:
Tags: fixed in pre-v6, v6
Triage: D3 (Medium) / R3 (Medium) / E3 (Medium)

[25 Jan 2008 13:14] Shane Bester
Description:
Seems you don't need any special privileges to enable the innodb_monitor,
innodb_table_monitor, innodb_lock_monitor, and innodb_tablespace_monitor described in http://dev.mysql.com/doc/refman/5.0/en/innodb-monitor.html

How to repeat:
mysql -uroot -h127.0.0.1
flush privileges;
drop user 'shane'@'127.0.0.1';
grant usage on *.* to 'shane'@'127.0.0.1' identified by '12345';
exit
mysql -ushane -h127.0.0.1 -p12345 test

select user(),current_user();
show grants;

drop table if exists innodb_monitor;
create table innodb_monitor(a int)engine=innodb;
#look in error log
select sleep(30);
drop table if exists innodb_monitor;

drop table if exists innodb_table_monitor;
create table innodb_table_monitor(a int)engine=innodb;
#look in error log
select sleep(30);
drop table if exists innodb_table_monitor;

drop table if exists innodb_tablespace_monitor;
create table innodb_tablespace_monitor(a int)engine=innodb;
#look in error log
select sleep(30);
drop table if exists innodb_tablespace_monitor;

drop table if exists innodb_lock_monitor;
create table innodb_lock_monitor(a int)engine=innodb;
#look in error log
select sleep(30);
drop table if exists innodb_lock_monitor;

Suggested fix:
Since logging can have a negative performance impact, and potentially fill the disk, it should be reserved for users with more privileges ?
[25 Jan 2008 14:01] Heikki Tuuri
Vasil, please look at fixing this in 5.1.

The performance impact of InnoDB monitors is small, but they could fill the disk with the .err log.

Regards,

Heikki
[26 Jan 2008 13:00] Miguel Solorzano
Thank you for the bug report. Verified as described.
[11 Feb 2008 10:14] Vasil Dimov
Patch that fixes this bug (against 5.1)

Attachment: bug34053.diff (application/octet-stream, text), 9.59 KiB.

[20 Feb 2008 23:48] Timothy Smith
Queued in 5.1-build.  NOT applied to 6.0, yet.  Docs team, please return it to "Patch approved", waiting for a 6.0 snapshot from InnoDB devs.
[22 Feb 2008 22:30] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/42887

ChangeSet@1.2541, 2008-02-22 15:29:52-07:00, tsmith@ramayana.hindu.god +2 -0
  Bug #34053: normal users can enable innodb_monitor logging
  
  The check_global_access() function was made available to InnoDB, but
  was not defined in the embedded server library.  InnoDB, as a plugin,
  is not recompiled when the embedded server is built.  This caused a
  link failure when compiling applications which use the embedded server.
  
  The fix here is to always define check_global_access() externally; in
  the embedded server case, it is defined to just return OK.
[22 Feb 2008 23:56] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/42891

ChangeSet@1.2541, 2008-02-22 16:56:34-07:00, tsmith@ramayana.hindu.god +3 -0
  Bug #34053: normal users can enable innodb_monitor logging
  
  The check_global_access() function was made available to InnoDB, but
  was not defined in the embedded server library.  InnoDB, as a plugin,
  is not recompiled when the embedded server is built.  This caused a
  link failure when compiling applications which use the embedded server.
  
  The fix here is to always define check_global_access() externally; in
  the embedded server case, it is defined to just return OK.
  
  Also, don't run the test case for this bug in embedded server.
[25 Feb 2008 15:59] Bugs System
Pushed into 5.1.24-rc
[25 Feb 2008 16:05] Bugs System
Pushed into 6.0.5-alpha
[25 Feb 2008 19:25] Timothy Smith
Docs team: fixed in 5.1, but not yet in 6.0 (waiting for 6.0 snapshot).

Other minor detail: the check_global_access() function is made visible to
InnoDB in 6.0; but the changes in the handler code itself, to use that
function, are in 5.1 only.
[18 Mar 2008 23:47] Timothy Smith
After this fix, PROCESS privilege is required to start/stop the InnoDB monitoring.
[2 Apr 2008 17:59] Jon Stephens
Pushed into 5.1.23-ndb-6.3.11.
[17 Apr 2008 17:05] Paul Dubois
Noted in 5.1.24, 6.0.5 changelogs.

The PROCESS privilege now is required to start or stop InnoDB
monitoring. Previously, no privilege was required.
[5 May 2010 15:12] Bugs System
Pushed into 5.1.47 (revid:joro@sun.com-20100505145753-ivlt4hclbrjy8eye) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[6 May 2010 13:38] Paul Dubois
Push resulted from incorporation of InnoDB tree. No changes pertinent to this bug.
Re-closing.
[28 May 2010 5:48] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100524190136-egaq7e8zgkwb9aqi) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (pib:16)
[28 May 2010 6:18] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100524190941-nuudpx60if25wsvx) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[28 May 2010 6:45] Bugs System
Pushed into 5.5.5-m3 (revid:alik@sun.com-20100524185725-c8k5q7v60i5nix3t) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[29 May 2010 22:58] Paul Dubois
Push resulted from incorporation of InnoDB tree. No changes pertinent to this bug.
Re-closing.
[17 Jun 2010 11:49] Bugs System
Pushed into 5.1.47-ndb-7.0.16 (revid:martin.skold@mysql.com-20100617114014-bva0dy24yyd67697) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 12:26] Bugs System
Pushed into 5.1.47-ndb-6.2.19 (revid:martin.skold@mysql.com-20100617115448-idrbic6gbki37h1c) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 13:14] Bugs System
Pushed into 5.1.47-ndb-6.3.35 (revid:martin.skold@mysql.com-20100617114611-61aqbb52j752y116) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)