mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00

MDEV-24815 Add 'allow-suspicious-udfs' and 'skip-grant-tables' to system variables

Make two existing command line options "allow-suspicious-udfs" and
"skip-grant-tables" visible as global system variables.

Both options have security implications, but users were not able to check
their states in the server prior to this change. This was a security
issue, as the user may not be aware if the options are enabled. By adding
them into system variables, it increases users’ visibility into their
security configurations.

Create new MTR tests to verify that the system variables align with the
command line options. Minor adjustments to the existing MTR due to the new
members in system variables.

Before:
    mysql> SHOW VARIABLES WHERE
    Variable_Name LIKE 'allow_suspicious_udfs' OR
    Variable_Name LIKE 'skip_grant_tables';
    Empty set (0.000 sec)

After:
    mysql> SHOW VARIABLES WHERE
    Variable_Name LIKE 'allow_suspicious_udfs' OR
    Variable_Name LIKE 'skip_grant_tables';
    +-----------------------+-------+
    | Variable_name         | Value |
    +-----------------------+-------+
    | allow_suspicious_udfs | OFF   |
    | skip_grant_tables     | OFF   |
    +-----------------------+-------+

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.
Tingyao Nian
2022-05-19 19:18:26 +00:00
committed by Daniel Black
parent 3cc8539d84
commit b3df1ec97a
11 changed files with 123 additions and 18 deletions


@@ -8,10 +8,11 @@ The following specify which files/extra groups are read (specified before remain
--defaults-group-suffix=# Additionally read default groups with # appended as a suffix.
--allow-suspicious-udfs
Allows use of UDFs consisting of only one symbol xxx()
without corresponding xxx_init() or xxx_deinit(). That
also means that one can load any function from any
library, for example exit() from libc.so
Allows use of user-defined functions (UDFs) consisting of
only one symbol xxx() without corresponding xxx_init() or
xxx_deinit(). That also means that one can load any
function from any library, for example exit() from
libc.so
--alter-algorithm[=name]
Specify the alter table algorithm. One of: DEFAULT, COPY,
INPLACE, NOCOPY, INSTANT
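
Review bot: the reworded description of --allow-suspicious-udfs spells out "user-defined functions (UDFs)" but still conveys the risk only by example ("one can load any function from any library, for example exit() from libc.so") and never tells the reader that the option should normally stay off. Since the commit message says the purpose of this change is to give users visibility into a security-relevant setting, consider closing the help text with a direct statement, for example "Leave disabled unless UDFs without xxx_init()/xxx_deinit() must be loaded." While the text is being touched, "That also means that one can load" could be tightened to "This allows loading".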