MariaDB Connector/J: CONJ-305

Add LOAD DATA LOCAL INFILE security filter function

Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.5.0-RC
    • Component/s: Other
    • Labels: None

    Description

      The problem is that using "LOAD DATA LOCAL INFILE" (i.e. loading a file from the client) may be a security problem:

      • if the server sources have been changed, the server may ask for a different file than the file in the query.
      • if someone can execute queries from the client, he can access any file on the client (according to the rights of the user running the client process).

      The solution is to add a callback function that can validate the file/directory structure.

        Activity

          Diego Dupin (diego dupin) created issue
          Diego Dupin (diego dupin) made changes:
            Fix Version/s: (none) → 1.5.0
          Diego Dupin (diego dupin) made changes:
            Summary: "improve LOAD DATA LOCAL INFILE" → "Add LOAD DATA LOCAL INFILE security filter function"
          Vladislav Vaintroub (wlad) added a comment (edited):

          The actual threat is a "man in the middle", some kind of mysqld proxy server, that would redirect queries to the actual server, and return the correct results, so the user does not notice, but also read all files from your disk that are readable by the JDBC running process. To accomplish this, it would just need to send the additional "give me that file" packet that is usually sent by LOAD DATA LOCAL INFILE.
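          The filter callback the issue proposes, and the proxy threat described in the comment above, illustrated as an added example. This is Python written for this page, not the connector's own Java code and not its API: it parses the server's LOCAL INFILE request packet (payload byte 0xFB followed by the file name) and refuses to send a file unless the query the client actually sent was a LOAD DATA LOCAL INFILE naming exactly that file, and the file resolves to a location under an allowed directory. The packet builder, the function names, the sample paths and the single-directory policy are assumptions made for this example.

```python
import os
import re
import struct
from typing import Optional

# Marker byte of the server's "LOCAL INFILE request" packet in the
# MySQL/MariaDB client-server protocol: payload is 0xFB followed by the
# file name the server asks the client to read and send.
LOCAL_INFILE_REQUEST = 0xFB


def build_infile_request(filename: str, seq: int = 1) -> bytes:
    """Build a server->client LOCAL INFILE request packet. Constructed sample
    data standing in for a real server or for a proxy in the middle."""
    payload = bytes([LOCAL_INFILE_REQUEST]) + filename.encode("utf-8")
    # Packet framing: 3-byte little-endian payload length, 1-byte sequence id.
    header = struct.pack("<I", len(payload))[:3] + bytes([seq & 0xFF])
    return header + payload


def parse_infile_request(packet: bytes) -> Optional[str]:
    """Return the requested file name if the packet is a LOCAL INFILE
    request, otherwise None (OK, ERR and result-set packets are ignored)."""
    if len(packet) < 5:
        return None
    length = int.from_bytes(packet[0:3], "little")
    payload = packet[4:4 + length]
    if len(payload) != length or payload[0] != LOCAL_INFILE_REQUEST:
        return None
    return payload[1:].decode("utf-8")


# Matches the single-quoted file name of a LOAD DATA LOCAL INFILE statement.
# Simplified for the example: escaped quotes inside the literal are not handled.
_LOAD_LOCAL_RE = re.compile(
    r"\bLOAD\s+DATA\s+(?:LOW_PRIORITY\s+|CONCURRENT\s+)?LOCAL\s+INFILE\s+'([^']*)'",
    re.IGNORECASE,
)


def expected_file_from_query(sql: str) -> Optional[str]:
    """File name the application itself put in the query, or None when the
    query is not a LOAD DATA LOCAL INFILE statement at all."""
    match = _LOAD_LOCAL_RE.search(sql)
    return match.group(1) if match else None


def validate_local_infile(sql: str, requested: str, allowed_dir: str) -> bool:
    """Hypothetical filter callback: may the client send `requested`, given
    the query that was actually sent and an allowed upload directory?"""
    expected = expected_file_from_query(sql)
    if expected is None:
        # The server (or a proxy in the middle) asks for a file although the
        # query was not a LOCAL INFILE load at all: refuse.
        return False
    if requested != expected:
        # The server asks for a different file than the one in the query: refuse.
        return False
    # Confine uploads to one directory. Resolve ".." and symlinks first so a
    # query naming "<dir>/../../etc/passwd" cannot escape it.
    real_file = os.path.realpath(requested)
    real_root = os.path.realpath(allowed_dir)
    return os.path.commonpath([real_file, real_root]) == real_root


def handle_server_packet(sql: str, packet: bytes, allowed_dir: str) -> str:
    """Client-side decision for one packet received after sending `sql`."""
    requested = parse_infile_request(packet)
    if requested is None:
        return "not-an-infile-request"
    return "send" if validate_local_infile(sql, requested, allowed_dir) else "refuse"


if __name__ == "__main__":
    root = "/var/app/imports"
    load_sql = "LOAD DATA LOCAL INFILE '/var/app/imports/data.csv' INTO TABLE t"
    # Legitimate exchange: the server asks for exactly the file named in the query.
    print(handle_server_packet(load_sql, build_infile_request("/var/app/imports/data.csv"), root))
    # Proxy in the middle answering an unrelated query with a file request.
    print(handle_server_packet("SELECT 1", build_infile_request("/home/app/.ssh/id_rsa"), root))
```

          The two client-side checks map onto the two bullets of the description: comparing the requested name with the query literal defeats a server or proxy that asks for a different file, and the directory restriction limits what a user who can run arbitrary queries can pull from the client host. A real driver would normalise both names before comparing and would apply the callback on every request packet, not only after statements it recognises as loads.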
          Diego Dupin (diego dupin) made changes:
            Status: Open → In Progress
          Diego Dupin (diego dupin) added a comment: commit: https://github.com/MariaDB/mariadb-connector-j/commit/ee647fb798359ef79f335ac04f7b5ab9c8048256
          Diego Dupin (diego dupin) made changes:
            Resolution: Fixed
            Status: In Progress → Closed
          Sergei Golubchik (serg) made changes:
            Workflow: MariaDB v3 → MariaDB v4

          People

            Assignee: Diego Dupin (diego dupin)
            Reporter: Diego Dupin (diego dupin)
            Votes: 0
            Watchers: 3
