WL#8392: Disable symbolic links as compiled default + deprecate variable
Affects: Server-8.0
—
Status: Complete
Symbolic links is defacto disabled on most MySQL distributions, because sample
configuration files contain:
symbolic-links=0
Since symbolic links allow MySQL to write data to any effective location on the
operating system, it creates two issues:
1) MySQL may be tricked into writing to locations it is not supposed to
2) MySQL may write to a location that has privileges that are too loose, and may
be tampered with by other users on the operating system.
(MySQL mitigates risk #1 by not overwriting existing files, but the risk still
remains as an attack vector.)
We therefore decided:
1) Change the compiled default to OFF (aligning with the defacto default)
2) Deprecate and remove this functionality in a future release.
Deprecation of --symbolic-links includes deprecating have_symlink.
User Documentation
==================
* https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-2.html
* https://dev.mysql.com/doc/refman/8.0/en/symbolic-links-to-tables.html
*
https://dev.mysql.com/doc/refman/8.0/en/server-options.html#option_mysqld_symbolic-links
*
https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_have_symlink
Copyright (c) 2000, 2025, Oracle Corporation and/or its affiliates. All rights reserved.