Bug #98495 | Timestamp is not set to CURRENT_TIMESTAMP in mysql.tables_priv | ||
---|---|---|---|
Submitted: | 5 Feb 2020 18:53 | Modified: | 29 Nov 2021 20:43 |
Reporter: | Ceri Williams | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Security: Privileges | Severity: | S3 (Non-critical) |
Version: | 8.0.18, 5.7.28 | OS: | Linux |
Assigned to: | CPU Architecture: | Any | |
Tags: | tables_priv current_timestamp |
[5 Feb 2020 18:53]
Ceri Williams
[6 Feb 2020 9:59]
Ceri Williams
To clarify why this is an issue for a production environment: mysqldump --compact --replace --skip-add-locks --skip-lock-tables --no-create-info --skip-triggers --set-gtid-purged=OFF mysql tables_priv | \ mysql --database=mysql ERROR 1292 (22007) at line 1: Incorrect datetime value: '0000-00-00 00:00:00' for column 'Timestamp' at row 1 You cannot perform a logical restore without changing the sql_mode of the server.
[6 Feb 2020 14:01]
MySQL Verification Team
Hello Mr. Williams, Thank you for your bug report. I happen to be the one who was the author of the entire privilege system, so I know what you are asking and what are the causes of this design. Two columns that you are writing about were meant to be used in future extensions of the system, which never materialised. Timestamp column was there for the security information, to know when the last change occurred. `Grantor` column is there in order to know which user granted those privileges. This could have lead to the possibility of reviewing the entire hierarchy of who gave privileges to whom and in what order. However, this idea was not implemented, most likely because nobody asked for that feature. `mysql.sys` user is a special case of a system user, that deals with our internal schemas. However, I agree with you that it should be documented. Verified as a documentation bug.
[11 Feb 2020 13:15]
Ceri Williams
Thanks for the notes Sinisa. However, you appear to have missed the part where this prevents a logical restore with the default sql_mode due to zero dates, so it is a bug not just a case of updating the documentation.
[11 Feb 2020 13:37]
MySQL Verification Team
Hi Mr. Williams, I agree with you. Category is changed .......
[20 May 2021 9:06]
fander chan
I dont agree with you. This feature works in older versions! It's ok in 5.5.62 (the last verion of 5.5),But it is not ok in any sub version of 5.6、5.7、8.0. So I think it's also a bug, though not serious. Here is my test code: ``` mysql> select @@version; +-----------+ | @@version | +-----------+ | 5.5.62 | +-----------+ 1 row in set (0.00 sec) mysql> set sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE'; Query OK, 0 rows affected (0.00 sec) mysql> select @@sql_mode; +--------------------------------------------------+ | @@sql_mode | +--------------------------------------------------+ | STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE | +--------------------------------------------------+ 1 row in set (0.00 sec) mysql> create database fanderchan; Query OK, 1 row affected (0.00 sec) mysql> use fanderchan; Database changed mysql> create table fanderchan(id int); Query OK, 0 rows affected (0.00 sec) mysql> mysql> create user fanderchan identified by 'MySQL@2021'; Query OK, 0 rows affected (0.00 sec) mysql> grant select on fanderchan.fanderchan to fanderchan; Query OK, 0 rows affected (0.00 sec) mysql> select * from mysql.tables_priv; +------+------------+------------+------------+----------------+---------------------+------------+-------------+ | Host | Db | User | Table_name | Grantor | Timestamp | Table_priv | Column_priv | +------+------------+------------+------------+----------------+---------------------+------------+-------------+ | % | fander | fander | fander | root@localhost | 2021-05-20 16:20:38 | Select | | | % | fander | fander | fander2 | root@localhost | 2021-05-20 16:35:26 | Select | | | % | fanderchan | fanderchan | fanderchan | root@localhost | 2021-05-20 17:04:29 | Select | | +------+------------+------------+------------+----------------+---------------------+------------+-------------+ 3 rows in set (0.00 sec) ```
[20 May 2021 13:52]
MySQL Verification Team
Hi Mr. Chan, Yes, this is a bug, but not a serious one .....
[14 Jul 2021 14:03]
OCA Admin
Contribution submitted via Github - Bug #98495: Timestamp is not set to CURRENT_TIMESTAMP in mysql.tables… (*) Contribution by Venkatesh Prasad Venugopal (Github venkatesh-prasad-v, mysql-server/pull/348#issuecomment-879671385): I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.
Contribution: git_patch_689667510.txt (text/plain), 24.12 KiB.
[29 Nov 2021 20:43]
Daniel Price
Posted by developer: The Timestamp column in the mysql.tables_priv and myql.columns_priv grant tables was set to a zero timestamp value ("0000-00-00 00:00:00") for GRANT and REVOKE operations, preventing a logical restore of the grant tables. As of MySQL 8.0.28, a valid start time value is written to the Timestamp column. If you have existing grant table records with zero timestamp values that are preventing a logical restore of the grant tables, a workaround is to update records in the grant tables or in the dump files, replacing zero timestamp values with CURRENT_TIMESTAMP. Thanks to Venkatesh Prasad Venugopal for the contribution.