mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-24 20:51:23 +03:00 
			
		
		
		
	
		
			
				
	
	
		
			278 lines
		
	
	
		
			9.7 KiB
		
	
	
	
		
			HTML
		
	
	
	
	
	
			
		
		
	
	
			278 lines
		
	
	
		
			9.7 KiB
		
	
	
	
		
			HTML
		
	
	
	
	
	
| <?xml version="1.0" encoding="UTF-8" ?>
 | |
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 | |
| <html xmlns="http://www.w3.org/1999/xhtml">
 | |
| <head>
 | |
| <link rel="stylesheet" type="text/css" href="../mysqludf.css"/>
 | |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 | |
| <title>lib_mysqludf_sys - A library of MySQL UDFs for working with the environment in which MySQL runs</title>
 | |
| </head>
 | |
| <body>
 | |
| 	<div>
 | |
| 		<a href="../index.html">Top</a>
 | |
| 	|	<a href="../mysql_udf_repository_libraries.html">Up</a>
 | |
| 	</div>
 | |
| 	<h1>lib_mysqludf_sys</h1>
 | |
| 	<div>
 | |
| 		<a href="lib_mysqludf_sys.html">Documentation</a>
 | |
| 	|	<a href="lib_mysqludf_sys.so">Binary</a>
 | |
| 	|	<a href="lib_mysqludf_sys.sql">Installation</a>
 | |
| 	|	<a href="lib_mysqludf_sys.c">Source</a>
 | |
| 	|	<a href="lib_mysqludf_sys_0.0.2.tar.gz">tar.gz</a>
 | |
| 	</div>
 | |
| 	<p>
 | |
| 		This library <code>lib_mysqludf_sys</code> contains a number of functions that allows one to interact with the operating system.		
 | |
| 	</p>
 | |
| 	<ol>
 | |
| 		<li><a href="#sys_eval"><code>sys_eval</code></a> - executes an arbitrary command, and returns it's output.</li>
 | |
| 		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and returns it's exit code.</li>
 | |
| 		<li><a href="#sys_get"><code>sys_get</code></a> - gets the value of an environment variable.</li>
 | |
| 		<li><a href="#sys_set"><code>sys_set</code></a> - create an environment variable, or update the value of an existing environment variable.</li>
 | |
| 	</ol>
 | |
| 	<p>
 | |
| 		Use <a href="#lib_mysqludf_sys_info"><code>lib_mysqludf_sys_info()</code></a> to obtain information about the currently installed version of <code>lib_mysqludf_sys</code>.
 | |
| 	</p>
 | |
| 	
 | |
| 
 | |
| 	<a name="sys_eval"></a><h2>sys_eval</h2>
 | |
| 	<p>
 | |
| 		<code>sys_eval</code> takes one command string argument and executes it, returning its output.
 | |
| 	</p>
 | |
| 	<h3>Syntax</h3>
 | |
| <pre>sys_eval(<b>arg1</b>)</pre>
 | |
| 	<h3>Parameters and Return Values</h3>
 | |
| 	<dl>
 | |
| 		<dt><code><b>arg1</b></code></dt>
 | |
| 		<dd>
 | |
| 			A command string valid for the current operating system or execution environment.
 | |
| 		</dd>
 | |
| 		<dt>returns</dt>
 | |
| 		<dd>
 | |
| 			Whatever output the command pushed to the standard output stream.
 | |
| 		</dd>
 | |
| 	</dl>
 | |
| 	<h3>Installation</h3>
 | |
| 	<p>
 | |
| 		Place the shared library binary in an appropriate location. 
 | |
| 		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
 | |
| 		Then, create the function using the following DDL statement:
 | |
| 	</p>
 | |
| 	<pre>
 | |
| CREATE FUNCTION sys_eval RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
 | |
| 	</pre>
 | |
| 	<p>
 | |
| 		The function will be globally available in all databases.
 | |
| 	</p>
 | |
| 	<p>
 | |
| 		The deinstall the function, run the following statement:
 | |
| 	</p>
 | |
| 	<pre>
 | |
| DROP FUNCTION sys_eval;
 | |
| 	</pre>
 | |
| 	<h3>Examples</h3>
 | |
| 	<p>
 | |
| 		None yet
 | |
| 	</p>
 | |
| 	<h3>A Note of Caution</h3>
 | |
| 	<p>
 | |
| 		Be very careful in deciding whether you need this function. 
 | |
| 		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
 | |
| 		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
 | |
| 		exposing the function poses a very real security hazard.
 | |
| 	</p>
 | |
| 	<p>
 | |
| 		Even for a benign user, it is possible to accidentally do a lot of damage with it.
 | |
| 		The call will be executed with the privileges of the os user that runs MySQL, 
 | |
| 		so it is entirely feasible to delete MySQL's data directory, or worse.		
 | |
| 	</p>
 | |
| 	<p>	
 | |
| 		The function is intended for specialized MySQL applications where one needs extended 
 | |
| 		control over the operating system. 
 | |
| 		Currently, we do not have UDF's for ftp, email and http, 
 | |
| 		and this function can be used to implement such functionality in case it is really necessary
 | |
| 		(datawarehouse staging areas could be a case in example).
 | |
| 	</p>
 | |
| 	<p>
 | |
| 		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
 | |
| 	</p>
 | |
| 	<p>
 | |
|                 If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
 | |
| 	</p>
 | |
| 
 | |
| 	<a name="sys_exec"></a><h2>sys_exec</h2>
 | |
| 	<p>
 | |
| 		<code>sys_exec</code> takes one command string argument and executes it.
 | |
| 	</p>
 | |
| 	<h3>Syntax</h3>
 | |
| <pre>sys_exec(<b>arg1</b>)</pre>
 | |
| 	<h3>Parameters and Return Values</h3>
 | |
| 	<dl>
 | |
| 		<dt><code><b>arg1</b></code></dt>
 | |
| 		<dd>
 | |
| 			A command string valid for the current operating system or execution environment.
 | |
| 		</dd>
 | |
| 		<dt>returns</dt>
 | |
| 		<dd>
 | |
| 			An (integer) exit code returned by the executed process.
 | |
| 		</dd>
 | |
| 	</dl>
 | |
| 	<h3>Installation</h3>
 | |
| 	<p>
 | |
| 		Place the shared library binary in an appropriate location. 
 | |
| 		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
 | |
| 		Then, create the function using the following DDL statement:
 | |
| 	</p>
 | |
| 	<pre>
 | |
| CREATE FUNCTION sys_exec RETURNS INT SONAME 'lib_mysqludf_sys.so';	
 | |
| 	</pre>
 | |
| 	<p>
 | |
| 		The function will be globally available in all databases.
 | |
| 	</p>
 | |
| 	<p>
 | |
| 		The deinstall the function, run the following statement:
 | |
| 	</p>
 | |
| 	<pre>
 | |
| DROP FUNCTION sys_exec;
 | |
| 	</pre>
 | |
| 	<h3>Examples</h3>
 | |
| 	<p>
 | |
| 		None yet
 | |
| 	</p>
 | |
| 	<h3>A Note of Caution</h3>
 | |
| 	<p>
 | |
| 		Be very careful in deciding whether you need this function. 
 | |
| 		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
 | |
| 		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
 | |
| 		exposing the function poses a very real security hazard.
 | |
| 	</p>
 | |
| 	<p>
 | |
| 		Even for a benign user, it is possible to accidentally do a lot of damage with it.
 | |
| 		The call will be executed with the privileges of the os user that runs MySQL, 
 | |
| 		so it is entirely feasible to delete MySQL's data directory, or worse.		
 | |
| 	</p>
 | |
| 	<p>	
 | |
| 		The function is intended for specialized MySQL applications where one needs extended 
 | |
| 		control over the operating system. 
 | |
| 		Currently, we do not have UDF's for ftp, email and http, 
 | |
| 		and this function can be used to implement such functionality in case it is really necessary
 | |
| 		(datawarehouse staging areas could be a case in example).
 | |
| 	</p>
 | |
| 	<p>
 | |
| 		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
 | |
| 	</p>
 | |
| 	<p>
 | |
|                 If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
 | |
| 	</p>
 | |
| 	<a name="sys_get"></a><h2>sys_get</h2>
 | |
| 	<p>
 | |
| 		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
 | |
| 	</p>
 | |
| 	<h3>Syntax</h3>
 | |
| <pre>sys_get([<b>arg1</b>)</pre>
 | |
| 	<h3>Parameters and Return Values</h3>
 | |
| 	<dl>
 | |
| 		<dt><code><b>arg1</b></code></dt>
 | |
| 		<dd>
 | |
| 			A string that denotes the name of an environment value.			
 | |
| 		</dd>
 | |
| 		<dt>returns</dt>
 | |
| 		<dd>
 | |
| 			If the variable exists, a string containing the value of the environment variable.
 | |
| 			If the variable does not exist, the function return NULL.
 | |
| 		</dd>
 | |
| 	</dl>
 | |
| 	<h3>Installation</h3>
 | |
| 	<p>
 | |
| 		Place the shared library binary in an appropriate location. 
 | |
| 		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
 | |
| 		Then, create the function using the following DDL statement:
 | |
| 	</p>
 | |
| 	<pre>
 | |
| CREATE FUNCTION sys_get RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
 | |
| 	</pre>
 | |
| 	<p>
 | |
| 		The function will be globally available in all databases.
 | |
| 	</p>
 | |
| 	<p>
 | |
| 		The deinstall the function, run the following statement:
 | |
| 	</p>
 | |
| 	<pre>
 | |
| DROP FUNCTION sys_get;
 | |
| 	</pre>
 | |
| 	<h3>Examples</h3>
 | |
| 	<p>
 | |
| 		None yet
 | |
| 	</p>
 | |
| 	<h3>A Note of Caution</h3>
 | |
| 	<p>
 | |
| 		Be very careful in deciding whether you need this function. 
 | |
| 		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
 | |
| 		The variables known in the environment where mysql runs are freely accessible using this function.
 | |
| 		Any user can get access to potentially secret information, such as
 | |
| 		the user that is running mysqld, the path of the user's home directory etc.
 | |
| 	</p>
 | |
| 	<p>	
 | |
| 		The function is intended for specialized MySQL applications where one needs extended 
 | |
| 		control over the operating system. 
 | |
| 	</p>
 | |
| 	<p>
 | |
| 		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
 | |
| 	</p>
 | |
| 	<a name="sys_set"></a><h2>sys_set</h2>
 | |
| 	<p>
 | |
| 		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
 | |
| 	</p>
 | |
| 	<h3>Syntax</h3>
 | |
| <pre>sys_set([<b>arg1, arg2</b>)</pre>
 | |
| 	<h3>Parameters and Return Values</h3>
 | |
| 	<dl>
 | |
| 		<dt><code><b>arg1</b></code></dt>
 | |
| 		<dd>
 | |
| 			A string that denotes the name of an environment value.			
 | |
| 		</dd>
 | |
| 		<dt><code><b>arg2</b></code></dt>
 | |
| 		<dd>
 | |
| 			An expression that contains the value that is to be assigned to the environment variable.			
 | |
| 		</dd>
 | |
| 		<dt>returns</dt>
 | |
| 		<dd>
 | |
| 			0 if the assignment or creation succeed.
 | |
| 			non-zero otherwise.
 | |
| 		</dd>
 | |
| 	</dl>
 | |
| 	<h3>Installation</h3>
 | |
| 	<p>
 | |
| 		Place the shared library binary in an appropriate location. 
 | |
| 		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
 | |
| 		Then, create the function using the following DDL statement:
 | |
| 	</p>
 | |
| 	<pre>
 | |
| CREATE FUNCTION sys_set RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
 | |
| 	</pre>
 | |
| 	<p>
 | |
| 		The function will be globally available in all databases.
 | |
| 	</p>
 | |
| 	<p>
 | |
| 		The deinstall the function, run the following statement:
 | |
| 	</p>
 | |
| 	<pre>
 | |
| DROP FUNCTION sys_set;
 | |
| 	</pre>
 | |
| 	<h3>Examples</h3>
 | |
| 	<p>
 | |
| 		None yet
 | |
| 	</p>
 | |
| 	<h3>A Note of Caution</h3>
 | |
| 	<p>
 | |
| 		Be very careful in deciding whether you need this function. 
 | |
| 		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
 | |
| 		This function will overwrite existing environment variables.
 | |
| 	</p>
 | |
| 	<p>	
 | |
| 		The function is intended for specialized MySQL applications where one needs extended 
 | |
| 		control over the operating system. 
 | |
| 	</p>
 | |
| 	<p>
 | |
| 		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
 | |
| 	</p>
 | |
| </body>
 | |
| </html |