Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

executor,infoschema: check privilege for 'show processlist' #7858

Merged
merged 4 commits into from
Oct 10, 2018
Merged

executor,infoschema: check privilege for 'show processlist' #7858

merged 4 commits into from
Oct 10, 2018

Conversation

tiancaiamao
Copy link
Contributor

What problem does this PR solve?

"show processlist" requires the PROCESS privilege.
Otherwise, the user can see only his own threads.

What is changed and how it works?

Add check for PROCESS privilege.

Check List

Tests

  • Manual test (add detailed scripts or steps below)

As the util.SessionManager is mocked, its ShowProcessList can't work.
I test manually to check the changes in this PR works.

mysql -h 127.0.0.1 -u root -P 4000
create user noprivs;

// open another terminal
mysql  -h 127.0.0.1 -u noprivs -P 4000
mysql> show processlist;                                                                                                                                                                      +------+---------+-----------+------+---------+------+-------+------------------+------+
| Id   | User    | Host      | db   | Command | Time | State | Info             | Mem  |
+------+---------+-----------+------+---------+------+-------+------------------+------+
|    6 | noprivs | 127.0.0.1 |      | Query   |    0 | 2     | show processlist |    0 |
+------+---------+-----------+------+---------+------+-------+------------------+------+
1 row in set (0.01 sec)

// back to previous terminal
mysql> show processlist;
+------+---------+-----------+------+---------+------+-------+------------------+------+
| Id   | User    | Host      | db   | Command | Time | State | Info             | Mem  |
+------+---------+-----------+------+---------+------+-------+------------------+------+
|    5 | root    | 127.0.0.1 |      | Query   |    0 | 2     | show processlist |    0 |
|    6 | noprivs | 127.0.0.1 |      | Sleep   |   27 | 2     |                  |    0 |
+------+---------+-----------+------+---------+------+-------+------------------+------+
2 rows in set (0.00 sec)

@jackysp @lysu

@tiancaiamao
executor: check privilege for 'show processlist'
e534f88 
"show processlist" requires the PROCESS privilege.
Otherwise, the user can see only his own threads.
@tiancaiamao
fix information_schema
2a5096d
@imtbkcat
Copy link

/run-all-tests

eurekaka
eurekaka reviewed Oct 10, 2018
View reviewed changes
Copy link
Contributor

@eurekaka eurekaka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@eurekaka
Copy link
Contributor

/run-all-tests

@eurekaka eurekaka added the status/LGT1 Indicates that a PR has LGTM 1. label Oct 10, 2018
imtbkcat
imtbkcat approved these changes Oct 10, 2018
View reviewed changes
Copy link

@imtbkcat imtbkcat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@imtbkcat imtbkcat added status/LGT2 Indicates that a PR has LGTM 2. status/all tests passed and removed status/LGT1 Indicates that a PR has LGTM 1. labels Oct 10, 2018
@shenli shenli merged commit 38f2fe0 into pingcap:master Oct 10, 2018
@tiancaiamao tiancaiamao deleted the processlist-priv branch October 11, 2018 05:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eurekaka eurekaka eurekaka left review comments

@imtbkcat imtbkcat imtbkcat approved these changes

Assignees
No one assigned
Labels
component/privilege status/LGT2 Indicates that a PR has LGTM 2. type/bugfix This PR fixes a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tiancaiamao @imtbkcat @eurekaka @shenli