The world's most popular open source database

Documentation Downloads MySQL.com

Developer Zone

Section Menu:

About Worklog
MySQL Worklogs are design specifications for changes that may define past work, or be considered for future development.

WL#8392: Disable symbolic links as compiled default + deprecate variable

Affects: Server-8.0 — Status: Complete

Description

Symbolic links is defacto disabled on most MySQL distributions, because sample 
configuration files contain:

symbolic-links=0

Since symbolic links allow MySQL to write data to any effective location on the
operating system, it creates two issues:

1) MySQL may be tricked into writing to locations it is not supposed to
2) MySQL may write to a location that has privileges that are too loose, and may 
be tampered with by other users on the operating system.

(MySQL mitigates risk #1 by not overwriting existing files, but the risk still 
remains as an attack vector.)

We therefore decided:

1) Change the compiled default to OFF (aligning with the defacto default)
2) Deprecate and remove this functionality in a future release.

Deprecation of --symbolic-links includes deprecating have_symlink.

User Documentation
==================

* https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-2.html
* https://dev.mysql.com/doc/refman/8.0/en/symbolic-links-to-tables.html
*
https://dev.mysql.com/doc/refman/8.0/en/server-options.html#option_mysqld_symbolic-links
*
https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_have_symlink