Security Issues with LOAD DATA LOCAL
The LOAD DATA statement can load a file that is located on the server host, or it can load a file that is located on the client host when the LOCAL keyword is specified.
There are two potential security issues with supporting the LOCAL version of LOAD DATA statements:
- The transfer of the file from the client host to the server host is initiated by the MariaDB server. In theory, a patched server could be built that would tell the client program to transfer a file of the server's choosing rather than the file named by the client in the
LOAD DATAstatement. Such a server could access any file on the client host to which the client user has read access. - In a Web environment where the clients are connecting from a Web server, a user could use
LOAD DATA LOCALto read any files that the Web server process has read access to (assuming that a user could run any command against the SQL server). In this environment, the client with respect to the MariaDB server actually is the Web server, not the remote program being run by the user who connects to the Web server.
To deal with these problems, we changed how LOAD DATA LOCAL is handled as of MariaDB 3.23.49 and MariaDB 4.0.2 (4.0.13 on Windows):
- By default, all MariaDB clients and libraries in binary distributions are compiled with the
-DENABLED_LOCAL_INFILE=1option, to be compatible with MariaDB 3.23.48 and before. - If you build MariaDB from source but do not invoke CMake with the
-DENABLED_LOCAL_INFILE=1option,LOAD DATA LOCALcannot be used by any client unless it is written explicitly to invokemysql_options(... MYSQL_OPT_LOCAL_INFILE, 0). See , "mysql_options()". - You can disable all
LOAD DATA LOCALstatements from the server side by starting mysqld with the--local-infile=0option. - For the mysql command-line client, enable
LOAD DATA LOCALby specifying the--local-infile[=1]option, or disable it with the--local-infile=0option. For mysqlimport, local data file loading is off by default; enable it with the--localor-Loption. In any case, successful use of a local load operation requires that the server permits it. - If you use
LOAD DATA LOCALin Perl scripts or other programs that read the[client]group from option files, you can add thelocal-infile=1option to that group. However, to keep this from causing problems for programs that do not understandlocal-infile, specify it using theloose-prefix:[client] loose-local-infile=1
- If
LOAD DATA LOCALis disabled, either in the server or the client, a client that attempts to issue such a statement receives the following error message: