*: add security enhanced mode part 1 #23978
Conversation
ti-chi-bot
added
the
size/XL
tidb-server/main.go
Outdated
| if cfg.Experimental.EnableEnhancedSecurity { | ||
| security.Enable() | ||
| } | ||
|
|
There was a problem hiding this comment.
This is the only real change to this file. The other changes are just cleaning up inconsistencies.
github-actions
bot
added
component/config
component/expression
sig/sql-infra
|
/run-all-tests tidb-test=pr/1181 |
|
/LGTM |
| var ( | ||
| semEnabled int32 | ||
| ) | ||
|
|
||
| // Enable enables SEM. This is intended to be used by the test-suite. | ||
| // Dynamic configuration by users may be a security risk. | ||
| func Enable() { | ||
| atomic.StoreInt32(&semEnabled, 1) | ||
| variable.SetSysVar(variable.TiDBEnableEnhancedSecurity, variable.BoolOn) | ||
| } | ||
|
|
||
| // Disable disables SEM. This is intended to be used by the test-suite. | ||
| // Dynamic configuration by users may be a security risk. | ||
| func Disable() { | ||
| atomic.StoreInt32(&semEnabled, 0) | ||
| variable.SetSysVar(variable.TiDBEnableEnhancedSecurity, variable.BoolOff) | ||
| } | ||
|
|
||
| // IsEnabled checks if Security Enhanced Mode (SEM) is enabled | ||
| func IsEnabled() bool { | ||
| return atomic.LoadInt32(&semEnabled) == 1 | ||
| } |
There was a problem hiding this comment.
I changed this to use atomics because I noticed collations used this pattern. Even though there was no race on using the config element, it might have triggered the race detector.
|
/LGTM |
|
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by writing |
ti-chi-bot
added
status/LGT2
|
Please resolve the conflicts. |
ti-chi-bot
added
the
needs-rebase
ti-chi-bot
removed
the
needs-rebase
|
/merge |
|
This pull request has been accepted and is ready to merge. Commit hash: 0552070
|
ti-chi-bot
added
the
status/can-merge
|
/run-sqllogic-test-1 |
|
/run-all-tests |
|
Do we need to merge tidb-test/#1181? |
No, this is related to a different PR. But yes, it would be great to merge it :-) |
|
/merge |
ti-chi-bot
removed
the
status/can-merge
|
/merge |
|
This pull request has been accepted and is ready to merge. Commit hash: 7b47277
|
ti-chi-bot
added
the
status/can-merge
|
@morgo: Your PR was out of date, I have automatically updated it for you. At the same time I will also trigger all tests for you: /run-all-tests If the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository. |
|
/merge |
What problem does this PR solve?
Problem Summary:
This implements the first of presumably 3-4 PRs to add security enhanced mode. I have a branch available which has almost all of the changes, but it has gotten too large to be reviewed easily.
I will handle the restricted variables / status variables / restricted_user_admin etc in followup PRs.
What is changed and how it works?
Proposal: https://github.com/pingcap/tidb/blob/master/docs/design/2021-03-09-security-enhanced-mode.md
What's Changed:
This introduces some of the basic functionality:
How it Works:
The restrictions are plugged directly into the privilege manager so that there are no risks from certain operations being missed in scope.
Related changes
pingcap/docs/pingcap/docs-cn:Check List
Tests
Side effects
Release note
SUPERprivilege from performing certain high risk operations. The design is inspired by Security Enhanced (SE) Linux and AppArmor.