Description:
I would like to be able to disable the execution of system commands in the mysql client, as I am sometimes forced to use SQL dump files from untrusted sources.
The patch (for version mysql-5.0.34) introduces a new command line switch and an option for my.cnf file.
no-system-cmd = 0/1 (defaults to 0)
Please double-check the suggested patch, as it is only a quick "works for me" solution. I expect you will want to change the naming; I also think that defaulting to 1, or requiring the command feature to be explicitly enabled, would be nicer.
Thanks
How to repeat:
...as the form validation forces me to write something:
Use the patch like this:
cd mysql-5.0.34/
patch -p0 < /path/to/no_system_cmd.patch
Suggested fix:
diff -Naur oldclient/client_priv.h client/client_priv.h
--- oldclient/client_priv.h 2007-03-08 00:14:23.000000000 +0000
+++ client/client_priv.h 2007-03-08 00:14:56.000000000 +0000
@@ -50,6 +50,6 @@
#endif
OPT_TRIGGERS,
OPT_IGNORE_TABLE,OPT_INSERT_IGNORE,OPT_SHOW_WARNINGS,OPT_DROP_DATABASE,
- OPT_TZ_UTC, OPT_AUTO_CLOSE, OPT_SSL_VERIFY_SERVER_CERT,
+ OPT_TZ_UTC, OPT_AUTO_CLOSE, OPT_SSL_VERIFY_SERVER_CERT,OPT_NO_SYSTEM,
OPT_DEBUG_INFO
};
diff -Naur oldclient/mysql.cc client/mysql.cc
--- oldclient/mysql.cc 2007-03-08 00:14:23.000000000 +0000
+++ client/mysql.cc 2007-03-08 00:14:43.000000000 +0000
@@ -138,7 +138,7 @@
tty_password= 0, opt_nobeep=0, opt_reconnect=1,
default_charset_used= 0, opt_secure_auth= 0,
default_pager_set= 0, opt_sigint_ignore= 0,
- show_warnings= 0;
+ show_warnings= 0, no_system_cmd= 0;
static volatile int executing_query= 0, interrupted_query= 0;
static ulong opt_max_allowed_packet, opt_net_buffer_length;
static uint verbose=0,opt_silent=0,opt_mysql_port=0, opt_local_infile=0;
@@ -200,7 +200,8 @@
com_rehash(String *str, char*), com_tee(String *str, char*),
com_notee(String *str, char*), com_charset(String *str,char*),
com_prompt(String *str, char*), com_delimiter(String *str, char*),
- com_warnings(String *str, char*), com_nowarnings(String *str, char*);
+ com_warnings(String *str, char*), com_nowarnings(String *str, char*),
+ com_system_cmd(String *str, char*), com_nosystem_cmd(String *str, char*);
#ifdef USE_POPEN
static int com_nopager(String *str, char*), com_pager(String *str, char*),
@@ -279,6 +280,10 @@
"Show warnings after every statement." },
{ "nowarning", 'w', com_nowarnings, 0,
"Don't show warnings after every statement." },
+ { "system_cmd", 'Y', com_system_cmd, 0,
+ "Enable system command execution." },
+ { "nosystem_cmd", 'y', com_nosystem_cmd, 0,
+ "Disable system command execution." },
/* Get bash-like expansion for some commands */
{ "create table", 0, 0, 0, ""},
{ "create database", 0, 0, 0, ""},
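Review bot: The new `system_cmd` / `'Y'` entry lets the input stream that `--no-system-cmd` is meant to protect against switch the protection back off: any file that can carry a `\!` line can carry the re-enable command first, so the option only holds if `com_system_cmd` is not honoured from non-interactive input. I would drop the `system_cmd`/`nosystem_cmd` pair from `commands[]` and leave the flag settable only from the command line and my.cnf, or at least make `com_system_cmd` a no-op unless the client is running interactively — which flag mysql.cc uses for that is not visible in this hunk. The same concern applies to the definition of `com_system_cmd` in the last hunk of mysql.cc. Whether `'Y'` and `'y'` collide with short letters already used elsewhere in `commands[]` also cannot be seen from this hunk; the table continues outside it.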
@@ -757,6 +762,9 @@
{"show-warnings", OPT_SHOW_WARNINGS, "Show warnings after every statement.",
(gptr*) &show_warnings, (gptr*) &show_warnings, 0, GET_BOOL, NO_ARG,
0, 0, 0, 0, 0, 0},
+ {"no-system-cmd", OPT_NO_SYSTEM, "Disable system command execution.",
+ (gptr*) &no_system_cmd, (gptr*) &no_system_cmd, 0, GET_BOOL, NO_ARG,
+ 0, 0, 0, 0, 0, 0},
{ 0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
};
@@ -2901,6 +2909,8 @@
static int
com_shell(String *buffer, char *line __attribute__((unused)))
{
+
+ if(no_system_cmd == 1) return 0;
char *shell_cmd;
/* Skip space from line begin */
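Review bot: The added guard `if(no_system_cmd == 1) return 0;` drops the command silently, so a user who types `\!` under `--no-system-cmd` gets no feedback and a script continues as if the command had run; it should report what happened, e.g. `if (no_system_cmd) { put_info("System commands are disabled.", INFO_INFO); return 0; }`. Testing the flag for truth rather than `== 1` also matches how the flag is set elsewhere in the patch (its declaration head is outside the earlier hunk, so the exact type is inferred). The stray empty line added before the check should go as well. `com_shell` continues past the end of this hunk.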
@@ -3159,6 +3169,25 @@
return 0;
}
+
+static int
+com_system_cmd(String *buffer __attribute__((unused)),
+ char *line __attribute__((unused)))
+{
+ no_system_cmd = 0;
+ put_info("System commands enabled.",INFO_INFO);
+ return 0;
+}
+
+static int
+com_nosystem_cmd(String *buffer __attribute__((unused)),
+ char *line __attribute__((unused)))
+{
+ no_system_cmd = 0;
+ put_info("System commands disabled.",INFO_INFO);
+ return 0;
+}
+
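Review bot: `com_nosystem_cmd` assigns `no_system_cmd = 0`, the same value `com_system_cmd` sets, so the disable command actually re-enables system commands while printing "System commands disabled."; the assignment should be `no_system_cmd = 1;`. Since the two functions differ only in that value and the message, a single `static int set_system_cmd(my_bool disable, const char *msg)` helper called from both would keep them from drifting apart again.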
/*
Gets argument from a command on the command line. If get_next_arg is
not defined, skips the command and returns the first argument. The