Bug 6772 - TRACE includes information from all active sessions
Summary: TRACE includes information from all active sessions
Alias: None
Product: SQL
Classification: Unclassified
Component: all (show other bugs)
Version: 11.33.11 (Apr2019-SP1)
Hardware: x86_64 (amd64/em64t) Linux
: Normal normal
Assignee: SQL devs
Depends on:
Reported: 2019-10-09 22:40 CEST by Roberto Cornacchia
Modified: 2019-11-28 10:00 CET (History)
2 users (show)


Note You need to log in before you can comment on or make changes to this bug.
Description Roberto Cornacchia 2019-10-09 22:40:52 CEST
User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Build Identifier: 

When using TRACE <query> a user expects to see the trace for that specific query.
Instead, the output includes traces all active sessions at that moment. That is highly confusing and has possible privacy/security issues.

Reproducible: Always

Steps to Reproduce:
(shell 1)$ yes "SELECT 'I am from session 1';" | mclient -f trash -d demo
(shell 2)$ yes "SELECT 'I am from session 2';" | mclient -f trash -d demo
(shell 3)$ echo "TRACE SELECT 'I am from session 3';" | mclient -d demo

Repeat command from shell 3. Every time it gives a different output, with content from the other sessions.
Comment 1 Martin Kersten cwiconfidential 2019-10-10 16:30:56 CEST
Returning global TRACE information as part of the result set is likely to be abandoned soon. The purpose of it was to get a complete picture on what is going on in the server. Because, the performance of a single query may be affected by concurrent queries.

Indeed, an overview of all activities may disclose more information then required.
Comment 2 Pedro Ferreira 2019-10-15 15:19:59 CEST
With the latest changes on default branch, this should no longer be an issue.
Comment 3 Martin Kersten cwiconfidential 2019-10-15 15:39:10 CEST
The Default branch contains better code to separate the profiler events