User-defined Functions Security

The MariaDB server imposes a number of limitations on user-defined functions for security purposes.

  • The INSERT privilege for the mysql database is required to run CREATE FUNCTION, as a record will be added to the mysql.func table.
  • The DELETE privilege for the mysql database is required to run DROP FUNCTION, as the corresponding record will be removed from the mysql.func table.
  • UDF object files can only be placed in the plugin directory, as specified by the value of the plugin_dir system variable.
  • At least one symbol beyond the required x() (which corresponds to an SQL function X()) is required. These can be x_init(), x_deinit(), x_reset(), x_clear() and x_add() functions (see Creating User-defined Functions). The allow-suspicious-udfs mysqld option (by default unset) provides a workaround, permitting only one symbol to be used. This is not recommended, as it opens the possibility of loading shared objects that are not legitimate user-defined functions.
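
The limitations above can be reviewed on a running server with a few queries. This audit script is an added example, not part of the MariaDB documentation; it assumes an account that can read mysql.func and the information_schema privilege tables.

```sql
-- Added audit example (not from the MariaDB documentation).

-- 1. Directory from which UDF object files may be loaded.
SELECT @@plugin_dir AS plugin_dir;

-- 2. Registered UDFs and the shared object backing each one.
--    Every value in dl should be a file you expect to find in plugin_dir.
SELECT name, dl, type
  FROM mysql.func
 ORDER BY dl, name;

-- 3. Accounts holding INSERT or DELETE on the mysql database, either
--    globally (*.*) or through a database-level grant. These are the
--    accounts able to run CREATE FUNCTION / DROP FUNCTION for UDFs.
--    Database-level grants may be stored as patterns (% and _), so the
--    literal name 'mysql' is matched against the stored pattern.
SELECT GRANTEE,
       PRIVILEGE_TYPE,
       'global (*.*)' AS granted_on
  FROM information_schema.USER_PRIVILEGES
 WHERE PRIVILEGE_TYPE IN ('INSERT', 'DELETE')
UNION ALL
SELECT GRANTEE,
       PRIVILEGE_TYPE,
       CONCAT('database ', TABLE_SCHEMA) AS granted_on
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE PRIVILEGE_TYPE IN ('INSERT', 'DELETE')
   AND 'mysql' LIKE TABLE_SCHEMA
 ORDER BY GRANTEE, PRIVILEGE_TYPE;
```

Alongside these queries, check the server's option files and the mysqld command line to confirm that allow-suspicious-udfs is not set.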
