Absence of mysql.user leads to auto-apply of --skip-grant-tables

George Lorch September 2, 2019 at 2:30 PM
Fixed by upstream in 8.0.17

George Lorch March 26, 2019 at 9:51 PM
Oops, sorry, you are correct, I saw wrong version... been looking at Jira for too long today...

C W March 26, 2019 at 9:36 PM
I don't believe that the upstream fix has been released yet - it was marked for 8.0.16, which is still pending

George Lorch March 26, 2019 at 9:06 PM
Fixed upstream as of 8.0.14/.15 and released in PS 8.0.15-5

C W February 21, 2019 at 12:36 PM (Edited)
I'm updating the synopsis to better reflect the issue and its severity. A perfectly healthy server can be turned into one that you wouldn't want running.
To reiterate Sveta's test-case:

Created February 20, 2019 at 12:12 PM
Updated March 6, 2024 at 12:20 PM
Resolved March 26, 2019 at 9:07 PM
During the --initialize phase of a new server, if a configuration issue causes the process to abort, it is possible to start the server normally, and it seems to auto-apply skip-grant-tables. This allows access and could be very easy to miss, which has implications such as allowing remote access.
Sadly, you cannot fix this with mysql_upgrade:
This can be tested easily using the official Docker images.
1. Create a broken container
We force the container to break with an unknown variable (binlog_encryption). The example uses Docker in Swarm mode so that secrets are shared from files.
2. Update MySQL version to fix forced failure
You can then connect, even with an invalid user:
Additionally, it is possible to configure the host as a slave with a little coercion.
When you try to CHANGE MASTER you will get the error:
Restarting the container then allows you to start replication. With the following you can avoid the table causing breakage:
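
Added example, not part of the original report and not the workaround referred to above: a canary check an operator can run against their own server to detect the condition this issue describes, where a login as a nonexistent user is accepted. The function name, the MYSQL_BIN variable and the canary_ user prefix are assumptions made for this example; the mysql client options and error codes 1045 and 1130 are standard.

```sh
#!/bin/sh
# Added example: detect a MySQL server that is not enforcing grants
# (behaves as if --skip-grant-tables were set) by attempting a login
# that must fail on a healthy server.
#
# MYSQL_BIN (hypothetical variable): client binary to invoke.
MYSQL_BIN="${MYSQL_BIN:-mysql}"

# check_grants_enforced [mysql connection options...]
#   e.g. check_grants_enforced -h 127.0.0.1 -P 3306
#        check_grants_enforced --socket=/var/run/mysqld/mysqld.sock
# Return codes:
#   0  login rejected: grants are being enforced
#   1  login ACCEPTED for a nonexistent user: grants are NOT enforced
#   2  inconclusive (server unreachable, client missing, other error)
check_grants_enforced() {
    local user pass out rc
    # Random, throwaway credentials that cannot match a real account.
    user="canary_$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')"
    pass="$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"

    out="$("$MYSQL_BIN" "$@" -u "$user" --password="$pass" \
            --connect-timeout=5 -N -B -e 'SELECT 1' 2>&1)"
    rc=$?

    # A successful query means the server let an unknown user in.
    if [ "$rc" -eq 0 ]; then
        echo "ALERT: unknown user '$user' was accepted" >&2
        return 1
    fi

    case "$out" in
        # 1045 = access denied, 1130 = host not allowed to connect:
        # both mean the grant tables were consulted.
        *"ERROR 1045"*|*"ERROR 1130"*) return 0 ;;
        *) echo "inconclusive: $out" >&2; return 2 ;;
    esac
}
```

Run it after every initialisation or upgrade of a data directory, and treat return code 2 as a failure of the check rather than a pass.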