Bug #23658 The "SOURCE" statement is not documented / cannot be found in HELP statement
Submitted: 26 Oct 2006 6:59
Modified: 26 Oct 2006 8:19
Reporter: Siu Ching Pong (Asuka Kenji) (Basic Quality Contributor)
Status: Can't repeat
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 5.1.11-beta
OS: Linux (Linux)
Assigned to:
CPU Architecture: Any
Tags: Data Manipulation, Help, Reference Manual, Security, SOURCE

[26 Oct 2006 6:59] Siu Ching Pong (Asuka Kenji)
Description:
The "SOURCE" / "." statement is not documented.
Its usage is not found in the Reference Manual.
It could not be found in the HELP statement either, as shown in the "How to repeat" section below.

My main concern is its security-related aspects:
Will "SOURCE /home/another_user/filename.sql" succeed if MySQL was started as root?
(My current installation is a non-privileged user installation so I am not able to test this easily.)

The following issues should be documented:
What MySQL privileges are required to execute the "SOURCE" statement?
When the "SOURCE" statement is executed, what OS privilege is it using?
If I started MySQL server as root, will it gain root privilege and be able to read SQL scripts from another user's home directory?
What other aspects should be considered?

How to repeat:
mysql> help source;

Nothing found
Please try to run 'help contents' for a list of all accessible topics

mysql> help contents;
You asked for help about help category: "Contents"
For more information, type 'help <item>', where <item> is one of the following
categories:
   Account Management
   Administration
   Data Definition
   Data Manipulation
   Data Types
   Functions
   Functions and Modifiers for Use with GROUP BY
   Geographic Features
   Language Structure
   Plugins
   Storage Engines
   Stored Routines
   Table Maintenance
   Transactions
   Triggers

mysql> help Data Manipulation;
You asked for help about help category: "Data Manipulation"
For more information, type 'help <item>', where <item> is one of the following
topics:
   CACHE INDEX
   CHANGE MASTER TO
   DEALLOCATE PREPARE
   DELETE
   DO
   DUAL
   EXECUTE STATEMENT
   EXPLAIN
   FLUSH
   HANDLER
   INSERT
   INSERT DELAYED
   INSERT SELECT
   JOIN
   KILL
   LOAD DATA
   LOAD DATA FROM MASTER
   LOAD INDEX
   LOAD TABLE FROM MASTER
   PREPARE
   PURGE MASTER LOGS
   REPLACE INTO
   RESET
   RESET MASTER
   RESET SLAVE
   SELECT
   SET
   SET GLOBAL SQL_SLAVE_SKIP_COUNTER
   SET SQL_LOG_BIN
   SHOW
   SHOW AUTHORS
   SHOW BINLOG EVENTS
   SHOW CHARACTER SET
   SHOW COLLATION
   SHOW COLUMNS
   SHOW CONTRIBUTORS
   SHOW CREATE DATABASE
   SHOW CREATE PROCEDURE
   SHOW CREATE TABLE
   SHOW CREATE VIEW
   SHOW DATABASES
   SHOW ENGINE
   SHOW ENGINES
   SHOW ERRORS
   SHOW GRANTS
   SHOW INDEX
   SHOW INNODB STATUS
   SHOW LOGS
   SHOW MASTER LOGS
   SHOW MASTER STATUS
   SHOW OPEN TABLES
   SHOW PLUGINS
   SHOW PRIVILEGES
   SHOW PROCEDURE STATUS
   SHOW PROCESSLIST
   SHOW SLAVE HOSTS
   SHOW SLAVE STATUS
   SHOW STATUS
   SHOW TABLE STATUS
   SHOW TABLES
   SHOW TRIGGERS
   SHOW VARIABLES
   SHOW WARNINGS
   START SLAVE
   STOP SLAVE
   TRUNCATE TABLE
   UNION
   UPDATE
[26 Oct 2006 8:19] Sveta Smirnova
Thank you for the report.

There is documentation of "source" at http://dev.mysql.com/doc/refman/5.1/en/mysql-commands.html