DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

(mysql.info) udf-security

Info Catalog (mysql.info) udf-compiling (mysql.info) adding-udf 
 
 24.2.4.6 User-Defined Function Security Precautions
 ...................................................
 
 MySQL takes the following measures to prevent misuse of user-defined
 functions.
 
 You must have the `INSERT' privilege to be able to use `CREATE
 FUNCTION' and the `DELETE' privilege to be able to use `DROP FUNCTION'.
 This is necessary because these statements add and delete rows from the
 `mysql.func' table.
 
 UDFs should have at least one symbol defined in addition to the `xxx'
 symbol that corresponds to the main `xxx()' function. These auxiliary
 symbols correspond to the `xxx_init()', `xxx_deinit()', `xxx_reset()',
 `xxx_clear()', and `xxx_add()' functions. As of MySQL 5.0.3, `mysqld'
 supports an -allow-suspicious-udfs option that controls whether UDFs
 that have only an `xxx' symbol can be loaded. By default, the option is
 off, to prevent attempts at loading functions from shared object files
 other than those containing legitimate UDFs. If you have older UDFs
 that contain only the `xxx' symbol and that cannot be recompiled to
 include an auxiliary symbol, it may be necessary to specify the
 -allow-suspicious-udfs option. Otherwise, you should avoid enabling
 this capability.
 
 UDF object files cannot be placed in arbitrary directories.  They must
 be located in some system directory that the dynamic linker is
 configured to search. To enforce this restriction and prevent attempts
 at specifying pathnames outside of directories searched by the dynamic
 linker, MySQL checks the shared object file name specified in `CREATE
 FUNCTION' statements for pathname delimiter characters. As of MySQL
 5.0.3, MySQL also checks for pathname delimiters in filenames stored in
 the `mysql.func' table when it loads functions.  This prevents attempts
 at specifying illegitimate pathnames through direct manipulation of the
 `mysql.func' table. For information about UDFs and the runtime linker,
 see  udf-compiling.
Info Catalog (mysql.info) udf-compiling (mysql.info) adding-udf
automatically generated byinfo2html