User-Defined Functions Security

The MariaDB server imposes a number of limitations on user-defined functions for security purposes.

  • The INSERT privilege for the mysql database is required to run CREATE FUNCTION, as a record will be added to the mysql.func-table.
  • The DELETE privilege for the mysql database is required to run DROP FUNCTION as the corresponding record will be removed from the mysql.func-table.
  • UDF object files can only be placed in the plugin directory, as specified by the value of the plugin_dir system variable.
  • At least one symbol, beyond the required x() - corresponding to an SQL function X()) - is required. These can be x_init(), x_deinit(), xxx_reset(), x_clear() and x_add() functions (see Creating User-defined Functions). The allow-suspicious-udfs mariadbd option (by default unset) provides a workaround, permitting only one symbol to be used. This is not recommended, as it opens the possibility of loading shared objects that are not legitimate user-defined functions.

Comments

Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.