From 7a033b23d0269518303ecbf3da9e848bccb605fa Mon Sep 17 00:00:00 2001 From: Pavel Serikov Date: Wed, 19 Feb 2020 12:58:07 +0300 Subject: [PATCH 1/3] Added Dockerfile, test script and README --- Dockerfile | 16 ++++++++++ README.md | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++ hello_world.sh | 3 ++ 3 files changed, 106 insertions(+) create mode 100644 Dockerfile create mode 100644 README.md create mode 100644 hello_world.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..12d173a --- /dev/null +++ b/Dockerfile @@ -0,0 +1,16 @@ +FROM mariadb + +RUN apt-get update && \ + apt-get install -y \ + gcc \ + libmysqlclient-dev \ + nano \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /root/lib_mysqludf_sys + +COPY lib_mysqludf_sys.c ./ +COPY lib_mysqludf_sys.sql /docker-entrypoint-initdb.d/. +COPY hello_world.sh /home/mysql/hello_world.sh + +RUN gcc -Wall -I/usr/include/mysql -I. -shared lib_mysqludf_sys.c -o $(mysql_config --plugindir)/lib_mysqludf_sys.so diff --git a/README.md b/README.md new file mode 100644 index 0000000..623d865 --- /dev/null +++ b/README.md @@ -0,0 +1,87 @@ + + +- [DESCRIPTION](#description) +- [FUNCTIONS](#functions) + - [sys_eval](#syseval) + - [sys_exec](#sysexec) + - [sys_get](#sysget) + - [sys_set](#sysset) +- [INSTALLATION](#installation) +- [DOCKER IMAGE](#docker-image) + - [Build](#build) + - [Run](#run) +- [EXAMPLES](#examples) +- [SECUIRITY PRECUTIONS](#secuirity-precutions) + + + +# DESCRIPTION + +Functions that allow to interact with the operating system + +# FUNCTIONS + +## sys_eval + +executes an arbitrary command, and returns it's output + +syntax: `sys_eval(arg1)` + +## sys_exec + +executes an arbitrary command, and returns it's exit code + +syntax: `sys_exec(arg1)` + +## sys_get + +gets the value of an environment variable + +syntax: `sys_get(arg1)` + +## sys_set + +create an environment variable, or update the value of an existing environment variable + +syntax: `sys_set(arg1, arg2)` + +arg1 - name of an environment value + +arg2 - expression that contains the value that is to be assigned to the environment variabl + +# INSTALLATION + +On runnning MySQL server just run `install.sh` script (don't forget to change here mysql root login and password) + +# DOCKER IMAGE + +## Build + +``` +docker build -t mysqludf/sys . +``` + +## Run + +``` +docker run -p 3306:3306 -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysqludf/sys +``` + +# EXAMPLES + +``` +SELECT sys_eval('id') +SELECT sys_eval('echo $HOME') +SELECT sys_eval('~/hello_world.sh') +SELECT sys_eval('bash /root/lib_mysqludf_sys/hello_world.sh') +``` + +# SECUIRITY PRECUTIONS + +UDFs are available to all database users - you cannot grant EXECUTE privileges for them. +As the commandstring passed to `sys_exec` or `sys_eval` can do pretty much everything, +exposing the function poses a very real security hazard. + +Even for a benign user, it is possible to accidentally do a lot of damage with it. +The call will be executed with the privileges of the os user that runs MySQL, +so it is entirely feasible to delete MySQL's data directory, or worse. diff --git a/hello_world.sh b/hello_world.sh new file mode 100644 index 0000000..4680f51 --- /dev/null +++ b/hello_world.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env sh +whoami +echo "Hello world" From 2cbc81b42ae73c18b2391660ed1a303dfc87418f Mon Sep 17 00:00:00 2001 From: Pavel Serikov Date: Wed, 19 Feb 2020 13:12:46 +0300 Subject: [PATCH 2/3] Added shields to README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 623d865..bcd3382 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ +![docker-automated](https://img.shields.io/docker/automated/pavelsr/mysqludf_sys) +![docker-build](https://img.shields.io/docker/build/pavelsr/mysqludf_sys) + - [DESCRIPTION](#description) From 002ad23840fd9c82094faf0be344fc2417542290 Mon Sep 17 00:00:00 2001 From: Pavel Serikov Date: Wed, 19 Feb 2020 13:24:04 +0300 Subject: [PATCH 3/3] Fixed misprint and badges --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index bcd3382..1fbfc44 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ -![docker-automated](https://img.shields.io/docker/automated/pavelsr/mysqludf_sys) -![docker-build](https://img.shields.io/docker/build/pavelsr/mysqludf_sys) +![docker-cloud-automated](https://img.shields.io/docker/cloud/automated/pavelsr/mysqludf_sys) +![docker-cloud-build](https://img.shields.io/docker/cloud/build/pavelsr/mysqludf_sys) +![docker-stars](https://img.shields.io/docker/stars/pavelsr/mysqludf_sys) +![docker-pulls](https://img.shields.io/docker/pulls/pavelsr/mysqludf_sys) @@ -14,7 +16,7 @@ - [Build](#build) - [Run](#run) - [EXAMPLES](#examples) -- [SECUIRITY PRECUTIONS](#secuirity-precutions) +- [SECUIRITY PRECAUTIONS](#secuirity-precautions) @@ -79,7 +81,7 @@ SELECT sys_eval('~/hello_world.sh') SELECT sys_eval('bash /root/lib_mysqludf_sys/hello_world.sh') ``` -# SECUIRITY PRECUTIONS +# SECUIRITY PRECAUTIONS UDFs are available to all database users - you cannot grant EXECUTE privileges for them. As the commandstring passed to `sys_exec` or `sys_eval` can do pretty much everything,