
Avoid local attack through Mysql

$100-300 USD

Cancelled
Posted over 16 years ago

Paid on delivery
MySQL, as is well known, is a very popular DBMS (Database Management System). It comes in four editions:

* MySQL Standard includes the standard storage engine as well as the InnoDB storage engine, which is touted as a "transaction-safe, ACID-compliant database" with some additional features over the standard version.
* MySQL Pro is the commercial version.
* MySQL Max includes the more technologically advanced features that are available during early access programs.
* MySQL Classic is the standard storage engine without the InnoDB engine. This is another commercial version.

To increase usability, the MySQL developer team has added some functions that leave the server vulnerable. You have probably heard of the local attack method through MySQL. Let's try an example. (In this example, I assume the attacker already owns a MySQL account with rights to create, edit, and add/remove databases on the server.) The attacker creates a table like this:

    use attacker;
    create table readfile(text LONGTEXT);
    insert into readfile values(load_file('/etc/passwd'));

As you can see, the result is:

    select * from readfile;
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
    news:x:9:13:news:/etc/news:
    uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    games:x:12:100:games:/usr/games:/sbin/nologin
    gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
    nobody:x:99:99:Nobody:/:/sbin/nologin
    vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
    rpm:x:37:37::/var/lib/rpm:/sbin/nologin
    netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
    nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
    ident:x:100:101::/home/ident:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
    mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
    smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
    pcap:x:77:77::/var/arpwatch:/sbin/nologin
    xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
    canna:x:39:39:Canna Service User:/var/lib/canna:/sbin/nologin
    wnn:x:49:49:Wnn Input Server:/var/lib/wnn:/sbin/nologin
    mysql:x:101:102:MySQL server:/var/lib/mysql:/bin/bash
    named:x:25:25:Named:/var/named:/sbin/nologin

Some may wonder: "Oops, why could the attacker exploit my server although I had already hardened it carefully: safe_mode on, open_basedir set, system functions disabled?" This could be because your administrator had forgotten, or had not cared enough, about this. The problem here is that we need to find out the risk that MySQL's usability features pose, from the customers' point of view (in case you are managing a shared-hosting environment):

"Do they really need those functions?"
"What could an attacker do once they have an account in MySQL?"

You can find a solution and deploy it after answering the two questions above. Let's have a look at MySQL's functions. Which one could be the most dangerous?

First, consider the load_file() function. Its structure is LOAD_FILE(file_name). It is used to read a file's contents and return them as a string. In the MySQL manual pages, you can see its requirements:

"To use this function, the file must be located on the server host, you must specify the full pathname to the file, and you must have the FILE privilege. The file must be readable by all and its size less than max_allowed_packet bytes."

To read a file through MySQL, the user must have the FILE privilege, and the file must be readable by all. These are the two golden keys for us, poor sysadmins, to prevent the attack. When a normal customer needs to manipulate files, there are two cases:

1. Through PHP, Perl, CGI or ASP, or the file manager in the hosting control panel
2. Uploading directly through FTP

So it is not necessary for a normal customer to own the FILE privilege. To prevent this risk, you can simply disable the FILE privilege for all users in MySQL.

The next one is the "LOAD DATA INFILE" statement:

    LOAD DATA [LOW_PRIORITY | CONCURRENT] [LOCAL] INFILE 'file_name'
        [REPLACE | IGNORE]
        INTO TABLE tbl_name
        [FIELDS
            [TERMINATED BY 'string']
            [[OPTIONALLY] ENCLOSED BY 'char']
            [ESCAPED BY 'char']
        ]
        [LINES
            [STARTING BY 'string']
            [TERMINATED BY 'string']
        ]
        [IGNORE number LINES]
        [(col_name,...)]

(This mini-article assumes you already know MySQL, so we don't go into its use or structure.) This one does the same as load_file(), but faster. Besides, it has one more keyword: "LOCAL". When "LOCAL" is added to the statement, MySQL reads the file on the client and sends it to the server. The vast majority of servers run MySQL on localhost (the same machine), so it doesn't matter much whether the keyword is there or not. Check its requirements:

"For security reasons, when reading text files located on the server, the files must either reside in the database directory or be readable by all. Also, to use LOAD DATA INFILE on server files, you must have the FILE privilege."

Again, the FILE privilege is the most important key to preventing this risk. Dumping files onto the server is not really popular, so it is not important to discuss it here.
Conclusion: MySQL is a really, really powerful DBMS for its power, speed, and usability, but its many unneeded functions make it a potential risk to the server. I hope you can gain a little experience from this to improve security for yourself.
Project ID: 173006

About the project

2 proposals
Remote project
Active 17 years ago

2 freelancers are bidding an average of $100 USD for this job
Hi. I am an experienced Linux/SQL system administrator. Will provide setup, tuning and further support. That's quite a nice article, but it doesn't explain what you want. If it is hardening your MySQL permissions, then it's ok to do that. Please provide the configuration details you need. Looking forward to hearing from you. Regards, NK
$100 USD in 3 days
4.9 (210 reviews)
7.1

About this client

Montrose, United States
0.0
0
Member since Aug 30, 2007

Client verification

Other jobs from this client

Avoid local attack with symlink
N/A