5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER

Information

Stored procedure and stored function declarations include a definition of permissions which can be used to escalate permissions. It's important to inspect these settings to ensure they do not unnecessarily escalate privileges.

Rationale:

A stored procedure or function that improperly escalates privileges may provide unintended access rights which can be improperly used.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Drop and recreate stored procedures and functions using proper DEFINER and INVOKER settings, or other code changes.

See Also

https://workbench.cisecurity.org/files/3859

Item Details

Category: PLANNING, SYSTEM AND SERVICES ACQUISITION

References: 800-53|PL-8, 800-53|SA-8, CSCv7|14.6

Plugin: MySQLDB

Control ID: 178967b19a8968547a5a22f9c2d3a370497031303ea9037f5a337cd795581806