server, sessionctx: add multi statement workaround (#22351) #22468
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: ti-srebot <ti-srebot@pingcap.com>
|
/run-all-tests |
ti-srebot
requested review from
AilinKid,
bb7133,
tiancaiamao,
xhebox and
zz-jason
|
@morgo please accept the invitation then you can push to the cherry-pick pull requests. |
|
|
|
/run-all-tests |
|
LGTM |
ti-srebot
added
status/LGT2
bb7133
approved these changes
Jan 27, 2021
|
/merge |
ti-srebot
added
the
status/can-merge
|
Your auto merge job has been accepted, waiting for:
|
|
/run-all-tests |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
cherry-pick #22351 to release-4.0
You can switch your code base to this Pull Request by using git-extras:
# In tidb repo: git pr https://github.com/pingcap/tidb/pull/22468After apply modifications, you can push your change to this PR via:
What problem does this PR solve?
Problem Summary:
v4.0.9 shipped with a fix for a server protocol vulnerability: #19459
It can be worked around by changing client library settings, but that's not always easy given each client library is different. This provides a server workaround as well, which adjusts from an error to a warning by default.
What is changed and how it works?
A new sysvar is added, called
tidb_multi_statement_mode(scope: SESSION or GLOBAL). The type is anENUM:OFF: the MySQL compatible/safest behavior. Multi-statement is not permitted unless the client sets the multi-statement attribute. An error is returned.ON: Multi-statement is permitted without errors or warnings.WARN(default): Multi-statement is permitted, but returns a warning.Thus, the "4.0.8 and earlier" behavior can be restored with "ON". The 4.0.9 and 4.0.10 behavior is effectively "OFF".
Both the warning and error message is as follows:
The intention is to change the default from
WARNback toOFFin a 4.0-series release in the short future, so users are safe-by-default. In order to do this, SQL client error tracking will have to be added (see #14433 ). This PR ensures that this error uses the unique code of8030so that deployment tools can check if a user depends on the unsafe behavior before attempting to upgrade them.Related changes
Check List
Tests
Side effects
Release note
COM_QUERYpacket, leading to increased risk of SQL injection. To provide backwards compatibility for applications that depend on this behavior, a new optiontidb_multi_statement_modehas been added. Assuming you understand the security risks, you can revert to the 4.0.8 by executingSET GLOBAL tidb_multi_statement_mode='ON'. The default behavior oftidb_multi_statement_modealso relaxes the error introduced in 4.0.9 to a warning. It is intended to be changed to an error again in a future release.