Bug #26941 mysql client - disable system commands via switch - patch included
Submitted: 7 Mar 2007 23:47 Modified: 2 Oct 2009 19:13
Reporter: Sven Tantau Email Updates:
Status: No Feedback Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S4 (Feature request)
Version:all OS:Any (all)
Assigned to: CPU Architecture:Any
Tags: Contribution, mysql client, security feature, shell, system commands
Triage: Triaged: D5 (Feature request)

[7 Mar 2007 23:47] Sven Tantau
Description:
I would like to disable the feature of executing system commands in mysql client as I am sometimes forced to use sql dump files from untrusted sources.

The patch (for version mysql-5.0.34) introduces a new command line switch and an option for my.cnf file.
no-system-cmd = 0/1 (default to 0)

Please double check the suggested patch as it is only a quick 'works for me' solution. I would guess that you want to change the naming; and I think a default to 1 or the specific need to enable the command feature would be nicer.

Thanks

How to repeat:
...as the form validation force me to write something:

Use the patch like this:
cd mysql-5.0.34/
patch -p0 < /path/to/no_system_cmd.patch

Suggested fix:
diff -Naur oldclient/client_priv.h client/client_priv.h
--- oldclient/client_priv.h	2007-03-08 00:14:23.000000000 +0000
+++ client/client_priv.h	2007-03-08 00:14:56.000000000 +0000
@@ -50,6 +50,6 @@
 #endif
   OPT_TRIGGERS,
   OPT_IGNORE_TABLE,OPT_INSERT_IGNORE,OPT_SHOW_WARNINGS,OPT_DROP_DATABASE,
-  OPT_TZ_UTC, OPT_AUTO_CLOSE, OPT_SSL_VERIFY_SERVER_CERT,
+  OPT_TZ_UTC, OPT_AUTO_CLOSE, OPT_SSL_VERIFY_SERVER_CERT,OPT_NO_SYSTEM,
   OPT_DEBUG_INFO
 };
diff -Naur oldclient/mysql.cc client/mysql.cc
--- oldclient/mysql.cc	2007-03-08 00:14:23.000000000 +0000
+++ client/mysql.cc	2007-03-08 00:14:43.000000000 +0000
@@ -138,7 +138,7 @@
 	       tty_password= 0, opt_nobeep=0, opt_reconnect=1,
 	       default_charset_used= 0, opt_secure_auth= 0,
                default_pager_set= 0, opt_sigint_ignore= 0,
-               show_warnings= 0;
+               show_warnings= 0, no_system_cmd= 0;
 static volatile int executing_query= 0, interrupted_query= 0;
 static ulong opt_max_allowed_packet, opt_net_buffer_length;
 static uint verbose=0,opt_silent=0,opt_mysql_port=0, opt_local_infile=0;
@@ -200,7 +200,8 @@
 	   com_rehash(String *str, char*), com_tee(String *str, char*),
            com_notee(String *str, char*), com_charset(String *str,char*),
            com_prompt(String *str, char*), com_delimiter(String *str, char*),
-     com_warnings(String *str, char*), com_nowarnings(String *str, char*);
+     com_warnings(String *str, char*), com_nowarnings(String *str, char*),
+     com_system_cmd(String *str, char*), com_nosystem_cmd(String *str, char*);
 
 #ifdef USE_POPEN
 static int com_nopager(String *str, char*), com_pager(String *str, char*),
@@ -279,6 +280,10 @@
     "Show warnings after every statement." },
   { "nowarning", 'w', com_nowarnings, 0,
     "Don't show warnings after every statement." },
+  { "system_cmd", 'Y', com_system_cmd,  0,
+    "Enable system command execution." },
+  { "nosystem_cmd", 'y', com_nosystem_cmd, 0,
+    "Disable system command execution." },
   /* Get bash-like expansion for some commands */
   { "create table",     0, 0, 0, ""},
   { "create database",  0, 0, 0, ""},
@@ -757,6 +762,9 @@
   {"show-warnings", OPT_SHOW_WARNINGS, "Show warnings after every statement.",
     (gptr*) &show_warnings, (gptr*) &show_warnings, 0, GET_BOOL, NO_ARG, 
     0, 0, 0, 0, 0, 0},
+  {"no-system-cmd", OPT_NO_SYSTEM, "Disable system command execution.",
+    (gptr*) &no_system_cmd, (gptr*) &no_system_cmd, 0, GET_BOOL, NO_ARG, 
+    0, 0, 0, 0, 0, 0},
   { 0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
 };
 
@@ -2901,6 +2909,8 @@
 static int
 com_shell(String *buffer, char *line __attribute__((unused)))
 {
+
+  if(no_system_cmd == 1) return 0;
   char *shell_cmd;
 
   /* Skip space from line begin */
@@ -3159,6 +3169,25 @@
   return 0;
 }
 
+
+static int
+com_system_cmd(String *buffer __attribute__((unused)),
+   char *line __attribute__((unused)))
+{
+  no_system_cmd = 0;
+  put_info("System commands enabled.",INFO_INFO);
+  return 0;
+}
+
+static int
+com_nosystem_cmd(String *buffer __attribute__((unused)),
+   char *line __attribute__((unused)))
+{
+  no_system_cmd = 0;
+  put_info("System commands disabled.",INFO_INFO);
+  return 0;
+}
+
 /*
   Gets argument from a command on the command line. If get_next_arg is
   not defined, skips the command and returns the first argument. The
[7 Mar 2007 23:50] Sven Tantau
Quick 'works for me' patch to make it possible to disable command execution in mysql client.

Attachment: no_system_cmd.patch (application/octet-stream, text), 3.28 KiB.

[7 Mar 2007 23:53] Miguel Solorzano
Thank you for the bug report feature request and contribution
patch.
[8 Jun 2009 22:50] liz drachnik
Hello Sven - 

In order for us to continue the process of reviewing your contribution to MySQL - We need you to review and sign the Sun|MySQL contributor agreement (the "SCA")

The process is explained here: 
http://forge.mysql.com/wiki/Sun_Contributor_Agreement

Getting a signed/approved SCA on file will help us facilitate your contribution-- this one, and others in the future.

Thank you ! 

Liz Drachnik  - Program Manager - MySQL
[2 Oct 2009 23:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".