SV-235181r638812_rule
V-235181
SRG-APP-000340-DB-000304
MYS8-00-010700
CAT II
10
Remove any procedures that are not authorized.
Drop the procedure or function using
DROP PROCEDURE <proc_name>;
DROP FUNCTION <function_name>;
Review the server documentation to obtain a listing of accounts used for executing external processes. Execute the following queries to obtain a listing of accounts currently configured for use by external processes.
SHOW PROCEDURE STATUS where security_type <> 'INVOKER';
SHOW FUNCTION STATUS where security_type <> 'INVOKER';
If DEFINER accounts are returned that are not documented and authorized, this is a finding.
If elevation of MySQL privileges using DEFINER is documented, but not implemented as described in the documentation, this is a finding.
If the privilege-elevation logic can be invoked in ways other than intended, or in contexts other than intended, or by subjects/principals other than intended, this is a finding.
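The check above can also be run as a single query against information_schema.ROUTINES, which carries the same DEFINER and SECURITY_TYPE columns as SHOW PROCEDURE STATUS / SHOW FUNCTION STATUS but covers procedures and functions together and lets the reviewer subtract the documented definers directly. This is an added example, not part of the STIG check text; the two authorized definer accounts are placeholders that must be replaced with the accounts from the server documentation.

```sql
-- Added example (not STIG text): every stored routine that executes with the
-- privileges of its DEFINER rather than its INVOKER, excluding definers that
-- the server documentation lists as authorized. Any row returned is a
-- candidate finding under this rule.
-- 'authorized_app@localhost' and 'dba_admin@%' are placeholder values.
SELECT ROUTINE_SCHEMA,
       ROUTINE_NAME,
       ROUTINE_TYPE,      -- PROCEDURE or FUNCTION
       DEFINER,           -- account whose privileges the routine runs with
       SECURITY_TYPE,     -- DEFINER or INVOKER
       LAST_ALTERED
FROM   information_schema.ROUTINES
WHERE  SECURITY_TYPE = 'DEFINER'
  AND  DEFINER NOT IN ('authorized_app@localhost', 'dba_admin@%')
ORDER  BY ROUTINE_SCHEMA, ROUTINE_NAME;

-- For each definer that is documented, confirm the privileges it actually
-- holds match what the documentation says the routine needs (placeholder account).
SHOW GRANTS FOR 'authorized_app'@'localhost';
```

DEFINER values in information_schema.ROUTINES are stored as user@host, so the exclusion list must use that exact form. Routines that are returned and not authorized are removed with the DROP PROCEDURE / DROP FUNCTION statements given in the fix text.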
V-235181
False
MYS8-00-010700
M
5277