Backport login throttling plugin to 5.6 and 5.7

Bug #1633485 reported by Norvald H. Ryeng
This bug affects 2 people
Affects              Status        Importance  Assigned to  Milestone
mysql-5.6 (Ubuntu)   Invalid       Undecided   Unassigned
  Precise            Invalid       Undecided   Unassigned
  Trusty             Won't Fix     Undecided   Unassigned
  Xenial             Invalid       Undecided   Unassigned
  Yakkety            Invalid       Undecided   Unassigned
mysql-5.7 (Ubuntu)   Fix Released  Undecided   Unassigned
  Precise            Invalid       Undecided   Unassigned
  Trusty             Invalid       Undecided   Unassigned
  Xenial             Fix Released  Undecided   Unassigned
  Yakkety            Invalid       Undecided   Unassigned

Bug Description

In MySQL 8.0 we (Oracle) are adding a plugin to rate-limit/throttle
login attempts in order to stop brute-force attacks.

Since this is a security mechanism that has been requested by users,
we would also like to backport this plugin to MySQL 5.6 and 5.7.

After consulting with Robie Basak (racb), we understand this change to
be allowed in Ubuntu under the SRU process (Sect. 2.2,
https://wiki.ubuntu.com/StableReleaseUpdates), but if there are any
comments or objections, we'd like to hear them now.

Impact
======

This functionality is implemented in a plugin. The plugin is not
loaded, and the functionality will not be activated unless the DBA
explicitly activates it.

Regression potential
====================

The potential for regression is considered low for the following
reasons:

 - The new functionality is in a plugin that 1) is not loaded by
   default, and 2) can be unloaded if it causes problems.

 - The change does not introduce new SQL syntax, and no existing
   syntax is affected.

 - The plugin is new, so it's not used by any other packages in
   Ubuntu.

Robie Basak (racb) wrote :

Subscribing ~ubuntu-sru for information, though AIUI no explicit approval is required with our new SRU policy.

Changed in mysql-5.6 (Ubuntu Xenial):
status: New → Invalid
Changed in mysql-5.6 (Ubuntu Yakkety):
status: New → Invalid
Changed in mysql-5.7 (Ubuntu Precise):
status: New → Invalid
Changed in mysql-5.7 (Ubuntu Trusty):
status: New → Invalid
Changed in mysql-5.6 (Ubuntu Precise):
status: New → Invalid
Changed in mysql-5.6 (Ubuntu Trusty):
status: New → Triaged
Changed in mysql-5.7 (Ubuntu Xenial):
status: New → Triaged
Changed in mysql-5.7 (Ubuntu Yakkety):
status: New → Triaged
Robie Basak (racb) wrote :

This is expected in 5.7.17 and 5.6.35.

Robie Basak (racb) wrote :
Simon Déziel (sdeziel) wrote :

This was fixed some time ago it seems:

$ dpkg -l| grep mysql-server-5.7
ii mysql-server-5.7 5.7.30-0ubuntu0.16.04.1 amd64 MySQL database server binaries and system database setup
$ dpkg -L mysql-server-5.7 | grep control
/usr/lib/mysql/plugin/connection_control.so
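
The bug description notes that the plugin stays inactive until a DBA loads it and that it can be unloaded again. The following is an added example showing that lifecycle for the `connection_control.so` library listed above; it is not part of the bug report or of any comment, and the threshold and delay values are illustrative assumptions.

```sql
-- Added example; tuning values are illustrative, not taken from the bug report.

-- 1. Check the current state. On a fresh install this returns no rows,
--    because the plugin is shipped but not loaded.
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME LIKE 'CONNECTION_CONTROL%';

-- 2. Explicitly activate throttling. The library provides two plugins:
--    the throttle itself and an INFORMATION_SCHEMA table for monitoring.
INSTALL PLUGIN CONNECTION_CONTROL
  SONAME 'connection_control.so';
INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS
  SONAME 'connection_control.so';

-- 3. Tune it. Delays are in milliseconds and start once an account
--    exceeds the threshold of consecutive failed attempts.
--    SET GLOBAL does not survive a restart on 5.6/5.7; mirror these
--    settings in the server option file to make them permanent.
SET GLOBAL connection_control_failed_connections_threshold = 5;
SET GLOBAL connection_control_min_connection_delay = 2000;
SET GLOBAL connection_control_max_connection_delay = 60000;

-- 4. Monitor: which accounts are accumulating failures, and how often
--    the server has actually delayed a connection.
SELECT USERHOST, FAILED_ATTEMPTS
  FROM INFORMATION_SCHEMA.CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS
 ORDER BY FAILED_ATTEMPTS DESC;
SHOW GLOBAL STATUS LIKE 'Connection_control_delay_generated';

-- 5. Roll back if the plugin causes problems: unload both plugins,
--    which returns the server to its default, unthrottled behaviour.
UNINSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS;
UNINSTALL PLUGIN CONNECTION_CONTROL;
```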

Changed in mysql-5.7 (Ubuntu Xenial):
status: Triaged → Fix Released
Changed in mysql-5.7 (Ubuntu Yakkety):
status: Triaged → Invalid
Changed in mysql-5.7 (Ubuntu):
status: Triaged → Fix Released
Sergio Durigan Junior (sergiodj) wrote :

Trusty has reached its end of standard support.

Changed in mysql-5.6 (Ubuntu Trusty):
status: Triaged → Won't Fix