Command execution with a MySQL UDF

Modern database management systems are powerful applications: they provide several instruments to interact with the underlying operating system.

On MySQL it is possible to create a User-Defined Function to execute commands on the underlying operating system. Marco Ivaldi demonstrated that some years ago. His raptor_udf2.c works well, but it has two limitations:

- It is not MySQL 5.0+ compliant because it does not follow the new guidelines to create a proper UDF.
- It calls the C function system() to execute the command and always returns integer 0.

These limitations make the UDF almost useless on recent MySQL server installations if the database administrator wants to get the exit status of the command as UDF output or the command's standard output itself.

I recently came across an open repository of MySQL User-Defined Functions maintained by Roland Bouman and other developers. One of their libraries caught my attention: lib_mysqludf_sys (version 0.0.2), which implements three different functions to interact with the underlying environment:

- sys_exec: executes an arbitrary command, and can thus be used to launch an external application.
- sys_get: gets the value of an environment variable.
- sys_set: creates an environment variable, or updates the value of an existing environment variable.

The first function can be used to execute operating system commands and has two advantages over raptor's UDF:

- It is MySQL 5.0+ compliant and it compiles on both Linux as a shared object and on Windows as a dynamic-link library.
- It returns the exit status of the executed command.

However, neither of these two functions returns the command's standard output, so I took some time to patch this last source code, adding a sys_eval() UDF that returns the standard output of the command if it succeeds, NULL otherwise.

The patched source code can be found in the sqlmap subversion repository here and a single patch file for the original lib_mysqludf_sys version 0.0.2 is available here.

Usage example:

$ wget --no-check-certificate https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/mysqludfsys/lib_mysqludf_sys_0.0.3.tar.gz
$ tar xfz lib_mysqludf_sys_0.0.3.tar.gz
$ cd lib_mysqludf_sys_0.0.3
$ sudo ./install.sh
Compiling the MySQL UDF
gcc -Wall -I/usr/include/mysql -I. -shared lib_mysqludf_sys.c -o /usr/lib/lib_mysqludf_sys.so
MySQL UDF compiled successfully

Please provide your MySQL root password
Enter password:
MySQL UDF installed successfully
$ mysql -u root -p mysql
Enter password:
[...]
mysql> Select sys_eval('id');
+--------------------------------------------------+
| sys_eval('id')                                   |
+--------------------------------------------------+
| uid=118(mysql) gid=128(mysql) groups=128(mysql)  |
+--------------------------------------------------+
1 row in set (0.02 sec)

mysql> Select sys_exec('touch /tmp/test_mysql');
+-----------------------------------+
| sys_exec('touch /tmp/test_mysql') |
+-----------------------------------+
|                                 0 |
+-----------------------------------+
1 row in set (0.02 sec)

mysql> exit
Bye
$ ls -l /tmp/test_mysql
-rw-rw---- 1 mysql mysql 0 2009-01-16 23:18 /tmp/test_mysql
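
For the defending DBA, a check for the UDFs installed in the session above. This is an added example, not code from the original post or from lib_mysqludf_sys: it audits rows shaped like the output of SELECT name, dl FROM mysql.func for the four function names and the library name mentioned in the post. The helper audit_udfs, the sample rows and the approved-library list are constructed for illustration.

```python
import os

# Names taken from the post: the library and the UDFs it exports.
SYS_UDF_NAMES = {"sys_exec", "sys_eval", "sys_get", "sys_set"}
SYS_LIB_STEM = "lib_mysqludf_sys"


def audit_udfs(func_rows, approved_libs=frozenset()):
    """Flag registered UDFs that give SQL users access to the OS.

    func_rows: dicts with the 'name' and 'dl' columns of mysql.func.
    approved_libs: library file names the DBA has reviewed (assumption).
    Returns a list of (udf_name, library, reason) tuples.
    """
    findings = []
    for row in func_rows:
        # Keep only the file name, whichever path separator was used.
        lib = os.path.basename(row["dl"].replace("\\", "/"))
        stem = lib.lower().rsplit(".", 1)[0]
        if row["name"].lower() in SYS_UDF_NAMES:
            reason = "function name exported by lib_mysqludf_sys"
        elif stem.startswith(SYS_LIB_STEM):
            reason = "loaded from lib_mysqludf_sys under another name"
        elif lib not in approved_libs:
            reason = "library is not on the approved list"
        else:
            continue
        findings.append((row["name"], lib, reason))
    return findings


# Constructed sample, shaped like: SELECT name, dl FROM mysql.func;
SAMPLE_ROWS = [
    {"name": "sys_eval", "dl": "lib_mysqludf_sys.so"},
    {"name": "cmd", "dl": "lib_mysqludf_sys.dll"},       # rebuilt, new name
    {"name": "SYS_EXEC", "dl": "libmisc.so"},            # library renamed
    {"name": "str_normalize", "dl": "libcorp_udf.so"},   # reviewed, allowed
    {"name": "helper_fn", "dl": "libtmp_udf.so"},        # never reviewed
]
APPROVED = {"libcorp_udf.so"}  # hypothetical allowlist

if __name__ == "__main__":
    for name, lib, reason in audit_udfs(SAMPLE_ROWS, APPROVED):
        print(f"{name:15} {lib:24} {reason}")
```

Name matching alone misses a library that has been both rebuilt and renamed; the approved-library comparison is what catches that case.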


[This post was edited by friddy on 2009-02-03 01:09 PM]
Source: Bernardo Damele AG