php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #80329 Add option to specify LOAD DATA LOCAL white list folder (including libmysql)
Submitted: 2020-11-06 16:30 UTC Modified: 2021-01-24 20:17 UTC
From: marines@php.net Assigned: marines (profile)
Status: Closed Package: mysql (PECL)
PHP Version: 7.4.12 OS: any
Private report: No CVE-ID: None
 [2020-11-06 16:30 UTC] marines@php.net
Description:
------------
In previous versions we disabled LOAD DATA LOCAL by default. A user needs to give an option to enable this functionality. This worklog seeks to improve the security of this option further by allowing a user to specify a folder that is safe to upload files from.

Functional requirements:
FR1: MySQL connectors will provide an option that allows the user to specify a folder where files that can be sent via LOAD DATA LOCAL can exist.

FR2: The following grid shows the usage scenarios and are are attempting to match the behavior of libmysqlclient here.

--------------------------------------------------------------------------------------------
enableLoadLocal | allowLoadLocalInfileInPath  | result
--------------------------------------------------------------------------------------------
true            | empty string or null        | all uploads allowed
true            | set to path                 | all uploads allowed -- path not respected
false           | empty string or null        | no uploads allowed
false           | set to path                 | uploads from that subtree only allowed
--------------------------------------------------------------------------------------------

FR3: The connector shall allow files to come from a "proper" subfolder of the restricted folder. however, symlinks or navigational symbols must not be used in either element. For example, if I set /tmp as my restricted folder, then file requests for /tmp/myfile and /tmp/myfolder/myfile should succeed. However requests for /tmp/../somefolder/myfile must not succeed.


implementation details:

0) There will be added following options, accordingly:
a) mysqli
'mysqli.local_infile_directory'
to be consistent with existing option 'mysqli.allow_local_infile'.

b) pdo_mysql
'PDO::MYSQL_ATTR_LOCAL_INFILE_DIRECTORY'
to be consistent with existing option 'PDO::MYSQL_ATTR_LOCAL_INFILE'.


Type of the new option is 'string'.

1) libmysql for mysqli / pdo_mysql
...will be supported as well regarding new option (by passing the related flag to lib)

usage e.g.:
--with-mysqli=/home/marines/server/8.0/bin/mysql_config
it has to find headers, not only the lib

accordingly for pdo_mysql
--with-pdo-mysql=/home/marines/server/8.0/bin/mysql_config


in code such parts can be found around #ifdefs like:
#if !defined(MYSQLI_USE_MYSQLND)
or
#ifndef PDO_USE_MYSQLND

2) open_basedir
...will be always respected (as currently), no matter what the values of local infile options are.
The new option 'local infile directory' may make access just more restricted.

related link:
https://www.php.net/manual/en/ini.core.php#ini.open-basedir

3) resolving paths
We will use an existing function to resolve allowed paths, e.g.
https://php-lxr.adamharvey.name/source/xref/master/main/fopen_wrappers.c#php_check_specific_open_basedir

4) info regarding libmysql
The support for libmysql seems to be heavily neglected. It doesn't build with mysql8 at all. Many changes will be needed to make it buildable, still keeping support for so far supported 5.x versions.



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-11-06 16:30 UTC] marines@php.net
-Status: Open +Status: Analyzed -Assigned To: +Assigned To: marines
 [2021-01-24 20:17 UTC] marines@php.net
pull request
https://github.com/php/php-src/pull/6448
 [2021-02-23 08:33 UTC] nikic@php.net
Automatic comment on behalf of dariusz.slusarczyk@oracle.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=da011a312a6c6cd7ff12fe1aa0de1e33fba2f167
Log: Fix #80329: Add option to specify LOAD DATA LOCAL white list folder
 [2021-02-23 08:33 UTC] nikic@php.net
-Status: Analyzed +Status: Closed
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Nov 28 09:03:14 2021 UTC