Skip to main content

Posts

Showing posts from September, 2016

Common Table Expressions in MySQL

In a recent labs release a new feature was introduced by Oracle, or actually two very related new features were introduced. The first new feature is Common Table Expressions (CTEs), which is also known as WITH . The second feature is recursive CTEs, also known as WITH RECURSIVE . An example of WITH : WITH non_root_users AS (SELECT User, Host FROM mysql.user WHERE User<>'root') SELECT Host FROM non_root_users WHERE User = ? The non-CTE equivalent is this: SELECT Host FROM (SELECT User, Host FROM mysql.user WHERE User<>'root') non_root_users WHERE User = ? This makes it easier to understand the query, especially if there are many subqueries. Besides using regular subqueries or CTEs you could also put the subquery in a view, but this requires more privileges. It is also difficult to change the views later on as other quieries might have started to use them. But views are still very useful. You can make it easier for others to query data or you can ...
Post a Comment
Read more

About Oracle MySQL and CVE-2016-6662

The issue On 12 September 2016 (three days ago) a MySQL security vulnerability was announced. The CVE id is CVE-2016-6662 . There are 3 claims: By setting malloc-lib in the configuration file access to an OS root shell can be gained. By using the general log a configuration file can be written in any place which is writable for the OS mysql user. By using SELECT...INTO DUMPFILE... it is possible to elevate privileges from a database user with the FILE privilege to any database account including root. How it is supposed to be used Find an SQL Injection in a website or otherwise gain access to a MySQL account. Now create a trigger file (requires FILE privilege) Now in the trigger or otherwise use SET GLOBAL general_log_file etc to create a my.cnf in the datadir with the correct privileges. Directly using SELECT...INTO DUMPFILE...won't work as that would result in the wrong permissions, which would cause mysqld/mysqld_safe to ignore that file. Now wait someone/somethi...
Post a Comment
Read more

Visualizing the MySQL Bug Tide

On the MySQL Bugs website there are some tide stats available. These show rate of bug creation. I've put them in a graph: I made these with this IPython Notebook . There are more detailed graphs per version in the notebook. Update: The version in the notebook now uses the same range for the Y axis and has a marker for the GA dates of each release.
5 comments
Read more