MariaDB Server / MDEV-26870

skip-symbolic-links does not prevent the use of symbolic links.

Details

    Description

      I can disable the ability to use symbolic links for files by setting skip-symbolic-links.

      I can test that this condition is on with the following query:

      select @@have_symlink;
      +----------------+
      | @@have_symlink |
      +----------------+
      | DISABLED       |
      +----------------+
      

      This setting does not prevent the use of symbolic links. I have tested symbolic links for subdirectories of datadir and for individual files. I have tested the following versions:

      • 10.5.12-8-MariaDB-enterprise
      • 10.6.4-1-MariaDB-enterprise
      • 10.5.12-MariaDB-1:10.5.12+maria~buster (community)

        Activity

          Marko Mäkelä (marko) added a comment:

          The implementation of the DATA DIRECTORY attribute for InnoDB in MySQL 5.6 included at least the following questionable changes:

          • Introduced SYS_TABLESPACES and SYS_DATAFILES tables that only serve as an additional source of metadata mismatch. (Removed in MDEV-22343.)
          • Unnecessarily introduced .isl files. A proper implementation would simply have refused the operation if the symlink cannot be created, for whatever reason. It should not be rocket science to determine which optional APIs on Microsoft Windows are available.
          • Introduced an extra level of directory hierarchy (incompatibility with other storage engines).

            CREATE DATABASE a;
            CREATE TABLE a.b(c INT) ENGINE=InnoDB DATA DIRECTORY '/d';
            DROP DATABASE a;

            This example would create and not remove the subdirectory /d/a because the data file would have been not /d/b.ibd but /d/a/b.idb.

          I wish MariaDB had not copied this from MySQL. I fully agree that it is a good idea for administrators to be able to disable the use of the DATA DIRECTORY attribute for InnoDB tables.

          serg, wlad, how should InnoDB implement this check? By referring to the variable my_disable_symlinks? Or have_symlink? No storage engine is checking this option directly.

          I suppose that we may enforce the check on CREATE TABLE and on ALTER TABLE that explicitly mentions DATA DIRECTORY. Would we also want to refuse all table-rebuilding operations (OPTIMIZE, TRUNCATE, ALTER) if the table has been defined with a DATA DIRECTORY attribute?

          Sergei Golubchik (serg) added a comment:

          marko, it's my_use_symdir and ha_myisam.cc and ha_archive.cc test it.

          And if you want to switch to real symlinks, you'll need to keep supporting isl files for a while still. At least support reading of them.

          Marko Mäkelä (marko) added a comment:

          I think that using proper symbolic links and removing the mkdir calls would be a separate task and not something that can be done in a GA release, because it would change the file format and therefore break downgrade to earlier versions.

          Marko Mäkelä (marko) added a comment:

          I would implement this as follows:

          • CREATE TABLE…DATA DIRECTORY would return an error when skip-symbolic-links is in effect.
          • Any table rebuild operation except TRUNCATE TABLE as well as some non-rebuilding ALTER TABLE or CREATE INDEX would return an error if a DATA DIRECTORY attribute is present.
          • RENAME TABLE will keep working even if a DATA DIRECTORY attribute is present.
          • DROP TABLE will be allowed.

          It turns out that ALTER TABLE t1 FORCE, DATA DIRECTORY '…' will not add a DATA DIRECTORY attribute, even when the FORCE clause is present.

          Sergei Golubchik (serg) added a comment:

          c1d7b4575e6 is ok to push
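Because the issue shows that have_symlink reporting DISABLED does not by itself mean nothing in datadir is redirected, an administrator can audit the directory tree directly. The following is an added example, not code from this issue or from MariaDB: it walks a data directory and reports symbolic links and .isl files. It assumes an .isl file is a text file holding the path of the external .ibd file; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile


def audit_datadir(datadir):
    """Return sorted (kind, relative_path, target) findings under datadir."""
    root = os.path.realpath(datadir)
    findings = []
    # followlinks=False: symlinked directories are listed but not descended into.
    for dirpath, dirnames, filenames in os.walk(datadir, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, datadir)
            if os.path.islink(path):
                target = os.path.realpath(path)
                # Distinguish links that leave the data directory tree.
                outside = os.path.commonpath([root, target]) != root
                kind = "symlink-outside" if outside else "symlink"
                findings.append((kind, rel, target))
            elif name.endswith(".isl"):
                # Assumption: the file content is the path of the .ibd file.
                with open(path, "r", errors="replace") as fh:
                    findings.append(("isl", rel, fh.read().strip()))
    return sorted(findings)


def build_sample(base):
    """Constructed tree: one DATA DIRECTORY style table, one linked directory."""
    datadir = os.path.join(base, "datadir")
    external = os.path.join(base, "d")
    os.makedirs(os.path.join(datadir, "a"))
    os.makedirs(os.path.join(external, "a"))
    os.makedirs(os.path.join(external, "moved_db"))
    ibd = os.path.join(external, "a", "b.ibd")
    open(ibd, "wb").close()
    with open(os.path.join(datadir, "a", "b.isl"), "w") as fh:
        fh.write(ibd)
    open(os.path.join(datadir, "a", "t.ibd"), "wb").close()  # ordinary table
    os.symlink(os.path.join(external, "moved_db"),
               os.path.join(datadir, "moved_db"))
    return datadir


def demo():
    with tempfile.TemporaryDirectory() as base:
        found = audit_datadir(build_sample(base))
        return [(k, rel, os.path.basename(t)) for k, rel, t in found]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run it against the real datadir with an account that can read it; any finding on a server where @@have_symlink is DISABLED is worth reviewing.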

          People

            marko Marko Mäkelä
            edward Edward Stoever