Bug #68936 Server does not expose --log-raw in SHOW VARIABLES
Submitted: 11 Apr 2013 21:17
Reporter: Todd Farmer (OCA) Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Logging Severity:S2 (Serious)
Version:5.6.10 OS:Any
Assigned to: CPU Architecture:Any

[11 Apr 2013 21:17] Todd Farmer
Description:
MySQL 5.6 added the ability to mask passwords in logs, controlled by the --log-raw option.  This option is not exposed in global variables, so it's not possible to determine whether a running server is configured to mask these passwords (default behavior) or has overridden it.  This makes it impossible to audit for security compliance.

How to repeat:
Using a 5.6 server execute SHOW GLOBAL VARIABLES LIKE '%raw%';

Suggested fix:
Add a global variable for log_raw.  Ideally, this would be something that can be changed with SUPER privileges, but read-only access to current state is bare minimum.