I reviewed mysql-router 8.0.19-0ubuntu2 as checked into focal (when this review
started). This shouldn't be considered a full audit but rather a quick gauge of
maintainability.
mysql-router is a binary package from mysql-8.0 that is responsible for routing
connections from MySQL clients to MySQL servers. As mentioned previously, only
mysql-router is missing in main from mysql-8.0 source package.
- No CVE History:
- Build-Depends
- libc6 (>= 2.28)
- libevent-core-2.1-7 (>= 2.1.8-stable)
- libevent-extra-2.7-7 (>= 2.1.8-stable)
- libevent-openssl-2.7-7 (>= 2.1.8-stable)
- libgcc1
- liblz4-1
- libssl1.1
- libstdc++6
- zlib1g
- No pre/post rm and pre/post inst scripts.
- No init scripts
- No systemd units
- No dbus services
- No setuid binaries
- binaries in PATH
- /usr/bin/mysqlrouter
- /usr/bin/mysqlrouter_keyring
- /usr/bin/mysqlrouter_passwd
- /usr/bin/mysqlrouter_plugin_info
- No sudo fragments
- No polkit files
- No udev rules
- unit tests / autopkgtests
- As mentioned previously, router has its own test section in the code at
router/tests, but it's not available during build or in autopkgtest.
- No cron jobs
- Build logs:
- Apparently no relevant issues on router build log.
- Processes spawned
- Some bash scripts are created on router. We don't like the sudo commands but
it looks unlikely to be used in an automated way:
- router/src/router/src/config_generator.cc:2781
- router/src/http/src/posix_re.h:173: Posix extended regular expressions.
C++11 has std::regex, by gcc-4.x throws exceptions when it it used. Instead
mysql-router implements a subset of std::regex. It looks like they didn't
try to recreate the wheel on this, so looks fine.
- router/src/harness/src/utilities-posix.cc:49
- router/src/harness/src/process_launcher.cc:448
- router/src/harness/src/hostname_validator.cc:51
- All above look fine
- Memory management
- Lots of memory management, hard to say just by looking if anything is
wrong, so will dig into it during cppcheck.
- File IO
- Lots of file IO, but looks ok.
- Logging
- router/src/json_schema_embedder/json_schema_embedder.cc: logs to in_filename
and out_filename that the user passed as argument.
- the rest of the code seems to be covered by mysql-router logging feature
e.g.:
https://dev.mysql.com/doc/mysql-router/8.0/en/mysql-router-server-logging.html
- Environment variable usage
- router uses some environment variables in its tests.
- other than that:
- router/src/router/src/router_app.cc:117: std::string
path(std::getenv("PATH"));
- router/src/router/src/router_app.cc:585: auto pid_file_env =
std::getenv("ROUTER_PID");
- router/src/router/src/config_generator.cc:1761: std::string
path(std::getenv("PATH"));
- router/src/router/src/common/mysql_session.cc:290:
getenv("MYSQL_ROUTER_RECORD_MOCK") ? getenv("MYSQL_ROUTER_RECORD_MOCK")
- router/src/router/src/common/mysql_session.cc:297: const char *outfile
= std::getenv("MYSQL_ROUTER_RECORD_MOCK");
- router/src/router/src/keyring_info.cc:179: err_code =
::setenv("ROUTER_ID", std::to_string(router_id).c_str(), 1);
- router/src/router/src/utils.cc:215: const char *env_var_value =
std::getenv(env_var.c_str());
- router/src/mock_server/src/duk_module_shim.c:231:static duk_ret_t
node_process_getenv(duk_context *ctx) {
- router/src/mock_server/src/duk_module_shim.c:232: duk_push_string(ctx,
getenv(duk_require_string(ctx, 0)));
- router/src/mock_server/src/duk_module_shim.c:325:
"process.getenv(key);}}); }")) {
- seem ok to me.
- Use of privileged functions
- router/src/routing/src/mysql_routing.cc:477 - chmod 777 to a socket file, it
is not clear to me if that can be a problem, but some comments in the code
say this permission is to mimic what mysql server does.
- router/src/harness/src/filesystem.cc:649: runs chmod on top of a file with
the permissions passed to the function.
- router/src/harness/src/filesystem.cc:661: chmod 777, used to make file
public, so it will be really public.
- router/src/harness/src/filesystem.cc:677: chmod 600, used to make file
private.
- router/src/harness/src/tty.c:163: ioctl used to fill the winsize structure
with the screen width and height.
- router/src/router/src/config_generator.cc:2741: chmod 700 to script file.
- Use of cryptography / random number sources etc
- To communicate with MySQL metadata server when ssl_mode is set.
- Use of temp files
- overall looks safe
- router/src/router/src/config_generatior.cc:584: set socketsdir to /tmp if
user didn't specify one
- router/src/router/src/utils.cc:100
- Use of networking
- plenty of use of networking as one should expect.
- It looks ok enough, going in-depth will be overkill.
- No use of WebKit
- No use of PolicyKit
- cppcheck results
- plenty of warnings in testing code, ignoring it. Some warnings on
unitialized variables in the constructor.
- plenty of style issues, considering them low.
- some error issues, but they seem false positives.
- Coverity results
- We decided on not running coverity on it, given the timing constraints.
New bug opened because of FTBFS:
https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1862364
Solved on version 8.0.19-0ubuntu3. Then a new version was released removing one
of the patches:
https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1863026
This didn't affect our review.
Security team ACK for promoting mysql-router to main.
Unassigning the security team.
** Changed in: mysql-8.0 (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1852367
Title:
[MIR] mysql-router (mysql-8.0)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1852367/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
