(mysql.info) udf-security
Info Catalog
(mysql.info) udf-compiling
(mysql.info) adding-udf
24.2.4.6 User-Defined Function Security Precautions
...................................................
MySQL takes the following measures to prevent misuse of user-defined
functions.
You must have the `INSERT' privilege to be able to use `CREATE
FUNCTION' and the `DELETE' privilege to be able to use `DROP FUNCTION'.
This is necessary because these statements add and delete rows from the
`mysql.func' table.
UDFs should have at least one symbol defined in addition to the `xxx'
symbol that corresponds to the main `xxx()' function. These auxiliary
symbols correspond to the `xxx_init()', `xxx_deinit()', `xxx_reset()',
`xxx_clear()', and `xxx_add()' functions. As of MySQL 5.0.3, `mysqld'
supports an -allow-suspicious-udfs option that controls whether UDFs
that have only an `xxx' symbol can be loaded. By default, the option is
off, to prevent attempts at loading functions from shared object files
other than those containing legitimate UDFs. If you have older UDFs
that contain only the `xxx' symbol and that cannot be recompiled to
include an auxiliary symbol, it may be necessary to specify the
-allow-suspicious-udfs option. Otherwise, you should avoid enabling
this capability.
UDF object files cannot be placed in arbitrary directories. They must
be located in some system directory that the dynamic linker is
configured to search. To enforce this restriction and prevent attempts
at specifying pathnames outside of directories searched by the dynamic
linker, MySQL checks the shared object file name specified in `CREATE
FUNCTION' statements for pathname delimiter characters. As of MySQL
5.0.3, MySQL also checks for pathname delimiters in filenames stored in
the `mysql.func' table when it loads functions. This prevents attempts
at specifying illegitimate pathnames through direct manipulation of the
`mysql.func' table. For information about UDFs and the runtime linker,
see udf-compiling.
Info Catalog
(mysql.info) udf-compiling
(mysql.info) adding-udf
automatically generated byinfo2html