Bug #26941 mysql client - disable system commands via switch - patch included
Submitted: 7 Mar 2007 23:47 Modified: 2 Oct 2009 19:13
Reporter: Sven Tantau Email Updates:
Status: No Feedback Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S4 (Feature request)
Version:all OS:Any (all)
Assigned to: CPU Architecture:Any
Tags: Contribution, mysql client, security feature, shell, system commands

File: Maximum allowed size is 3MB.
Description:
Privacy:

If the data you need to attach is more than 3MB, you should create a compressed archive of the data and a README file that describes the data with a filename that includes the bug number (recommended filename: mysql-bug-data-26941.zip) and upload one to sftp.oracle.com. A free Oracle Web (SSO) account (the one you use to login bugs.mysql.com) and a client that supports SFTP are required in order to access the SFTP server.

To upload the file to sftp.oracle.com:

  1. Open an SFTP client and connect to sftp.oracle.com. Specify port 2021 and remote directory /support/incoming/.
  2. Log in with your newly created Oracle Web account (email address) and password.
  3. Upload the archive to /support/incoming.
  4. Once you have uploaded the file, add a comment to this bug to notify us about it.
Example: sftp -oPort=2021 -oUser=email sftp.oracle.com:/support/incoming

Usage Notes: This directory is unlistable, which means that once you have uploaded your file, you will not be able to see it. A file cannot be uploaded more than once with the same filename. The filename must be changed before attempting to upload the file again. The filename should always start with mysql-bug- prefix. Files are retained on the SFTP server for 7 days and then permanently removed.

[7 Mar 2007 23:50] Sven Tantau
Quick 'works for me' patch to make it possible to disable command execution in mysql client.

Attachment: no_system_cmd.patch (application/octet-stream, text), 3.28 KiB.