Bug #93184 firewall plugin cannot work well when audit_log plugin active
Submitted: 14 Nov 2018 9:14 Modified: 30 Nov 2018 3:51
Reporter: Rungong An
Status: Closed
Category: MySQL Server: Security: Firewall Severity: S3 (Non-critical)
Version: 5.7.17 - enterprise OS: Oracle Linux
Assigned to: Marek Szymczak CPU Architecture: Any

[14 Nov 2018 9:14] Rungong An
When the audit_log plugin is installed, the firewall plugin cannot work well.

How to repeat:

Start mysqld with the default options, then use 'mysql -uroot -p' to connect to mysqld.

1. Install the audit_log plugin and create the employee@localhost user;

2. Use the employee@localhost user to import the example employees database provided by dev.mysql.com;

3. source linux_install_firewall.sql

4. call mysql.sp_set_firewall_mode('employee@localhost', 'recording')

5. Use another terminal to log in as employee (mysql -uemployee -p) and execute some SQL:

USE employees;
SELECT dept_no, dept_name FROM departments;
SELECT first_name, last_name FROM employees WHERE emp_no=10001;
SELECT departments.dept_name,
  employees.first_name, employees.last_name
FROM departments NATURAL JOIN dept_emp
NATURAL JOIN employees
WHERE departments.dept_no='d001';

6. call mysql.sp_set_firewall_mode('employee@localhost', 'protecting');

An error occurs:

ERROR 1406 (22001): Data too long for column 'result' at row 1

7. uninstall plugin audit_log;

8. Execute the SQL statements mentioned in step 5;

9. call mysql.sp_set_firewall_mode('employee@localhost', 'protecting');

The statement succeeds.

[30 Nov 2018 3:51] Paul DuBois
Posted by developer:
Fixed in 5.7.25, 8.0.14.

MySQL Enterprise Firewall did not work well if the audit_log plugin
was installed.