Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F14415337
D19999.id47747.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
3 KB
Referenced Files
None
Subscribers
None
D19999.id47747.diff
View Options
diff --git a/src/applications/config/check/PhabricatorMySQLSetupCheck.php b/src/applications/config/check/PhabricatorMySQLSetupCheck.php
--- a/src/applications/config/check/PhabricatorMySQLSetupCheck.php
+++ b/src/applications/config/check/PhabricatorMySQLSetupCheck.php
@@ -382,6 +382,34 @@
new PhutilNumber($delta)));
}
+ $local_infile = $ref->loadRawMySQLConfigValue('local_infile');
+ if ($local_infile) {
+ $summary = pht(
+ 'The MySQL "local_infile" option is enabled. This option is '.
+ 'unsafe.');
+
+ $message = pht(
+ 'Your MySQL server is configured with the "local_infile" option '.
+ 'enabled. This option allows an attacker who finds an SQL injection '.
+ 'hole to escalate their attack by copying files from the webserver '.
+ 'into the database with "LOAD DATA LOCAL INFILE" queries, then '.
+ 'reading the file content with "SELECT" queries.'.
+ "\n\n".
+ 'You should disable this option in your %s file, in the %s section:'.
+ "\n\n".
+ '%s',
+ phutil_tag('tt', array(), 'my.cnf'),
+ phutil_tag('tt', array(), '[mysqld]'),
+ phutil_tag('pre', array(), 'local_infile=0'));
+
+ $this->newIssue('mysql.local_infile')
+ ->setName(pht('Unsafe MySQL "local_infile" Setting Enabled'))
+ ->setSummary($summary)
+ ->setMessage($message)
+ ->setDatabaseRef($ref)
+ ->addMySQLConfig('local_infile');
+ }
+
}
protected function shouldUseMySQLSearchEngine() {
diff --git a/src/applications/config/check/PhabricatorPHPConfigSetupCheck.php b/src/applications/config/check/PhabricatorPHPConfigSetupCheck.php
--- a/src/applications/config/check/PhabricatorPHPConfigSetupCheck.php
+++ b/src/applications/config/check/PhabricatorPHPConfigSetupCheck.php
@@ -112,6 +112,42 @@
->setMessage($message);
}
+
+ if (extension_loaded('mysqli')) {
+ $infile_key = 'mysqli.allow_local_infile';
+ } else {
+ $infile_key = 'mysql.allow_local_infile';
+ }
+
+ if (ini_get($infile_key)) {
+ $summary = pht(
+ 'Disable unsafe option "%s" in PHP configuration.',
+ $infile_key);
+
+ $message = pht(
+ 'PHP is currently configured to honor requests from any MySQL server '.
+ 'it connects to for the content of any local file.'.
+ "\n\n".
+ 'This capability supports MySQL "LOAD DATA LOCAL INFILE" queries, but '.
+ 'allows a malicious MySQL server read access to the local disk: the '.
+ 'server can ask the client to send the content of any local file, '.
+ 'and the client will comply.'.
+ "\n\n".
+ 'Although it is normally difficult for an attacker to convince '.
+ 'Phabricator to connect to a malicious MySQL server, you should '.
+ 'disable this option: this capability is unnecessary and inherently '.
+ 'dangerous.'.
+ "\n\n".
+ 'To disable this option, set: %s',
+ phutil_tag('tt', array(), pht('%s = 0', $infile_key)));
+
+ $this->newIssue('php.'.$infile_key)
+ ->setName(pht('Unsafe PHP "Local Infile" Configuration'))
+ ->setSummary($summary)
+ ->setMessage($message)
+ ->addPHPConfig($infile_key);
+ }
+
}
}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Wed, Dec 25, 5:46 PM (11 h, 29 m)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6924484
Default Alt Text
D19999.id47747.diff (3 KB)
Attached To
Mode
D19999: Add setup warnings for "local_infile" (MySQL Server) and "mysql[i].allow_local_infile" (PHP Client)
Attached
Detach File
Event Timeline
Log In to Comment