I reviewed mysql-router 8.0.19-0ubuntu2 as checked into focal (when this review started). This shouldn't be considered a full audit but rather a quick gauge of maintainability.
mysql-router is a binary package from mysql-8.0 that is responsible for routing connections from MySQL clients to MySQL servers. As mentioned previously, only mysql-router is missing in main from mysql-8.0 source package. - No CVE History: - Build-Depends - libc6 (>= 2.28) - libevent-core-2.1-7 (>= 2.1.8-stable) - libevent-extra-2.7-7 (>= 2.1.8-stable) - libevent-openssl-2.7-7 (>= 2.1.8-stable) - libgcc1 - liblz4-1 - libssl1.1 - libstdc++6 - zlib1g - No pre/post rm and pre/post inst scripts. - No init scripts - No systemd units - No dbus services - No setuid binaries - binaries in PATH - /usr/bin/mysqlrouter - /usr/bin/mysqlrouter_keyring - /usr/bin/mysqlrouter_passwd - /usr/bin/mysqlrouter_plugin_info - No sudo fragments - No polkit files - No udev rules - unit tests / autopkgtests - As mentioned previously, router has its own test section in the code at router/tests, but it's not available during build or in autopkgtest. - No cron jobs - Build logs: - Apparently no relevant issues on router build log. - Processes spawned - Some bash scripts are created on router. We don't like the sudo commands but it looks unlikely to be used in an automated way: - router/src/router/src/config_generator.cc:2781 - router/src/http/src/posix_re.h:173: Posix extended regular expressions. C++11 has std::regex, by gcc-4.x throws exceptions when it it used. Instead mysql-router implements a subset of std::regex. It looks like they didn't try to recreate the wheel on this, so looks fine. - router/src/harness/src/utilities-posix.cc:49 - router/src/harness/src/process_launcher.cc:448 - router/src/harness/src/hostname_validator.cc:51 - All above look fine - Memory management - Lots of memory management, hard to say just by looking if anything is wrong, so will dig into it during cppcheck. - File IO - Lots of file IO, but looks ok. - Logging - router/src/json_schema_embedder/json_schema_embedder.cc: logs to in_filename and out_filename that the user passed as argument. - the rest of the code seems to be covered by mysql-router logging feature e.g.: https://dev.mysql.com/doc/mysql-router/8.0/en/mysql-router-server-logging.html - Environment variable usage - router uses some environment variables in its tests. - other than that: - router/src/router/src/router_app.cc:117: std::string path(std::getenv("PATH")); - router/src/router/src/router_app.cc:585: auto pid_file_env = std::getenv("ROUTER_PID"); - router/src/router/src/config_generator.cc:1761: std::string path(std::getenv("PATH")); - router/src/router/src/common/mysql_session.cc:290: getenv("MYSQL_ROUTER_RECORD_MOCK") ? getenv("MYSQL_ROUTER_RECORD_MOCK") - router/src/router/src/common/mysql_session.cc:297: const char *outfile = std::getenv("MYSQL_ROUTER_RECORD_MOCK"); - router/src/router/src/keyring_info.cc:179: err_code = ::setenv("ROUTER_ID", std::to_string(router_id).c_str(), 1); - router/src/router/src/utils.cc:215: const char *env_var_value = std::getenv(env_var.c_str()); - router/src/mock_server/src/duk_module_shim.c:231:static duk_ret_t node_process_getenv(duk_context *ctx) { - router/src/mock_server/src/duk_module_shim.c:232: duk_push_string(ctx, getenv(duk_require_string(ctx, 0))); - router/src/mock_server/src/duk_module_shim.c:325: "process.getenv(key);}}); }")) { - seem ok to me. - Use of privileged functions - router/src/routing/src/mysql_routing.cc:477 - chmod 777 to a socket file, it is not clear to me if that can be a problem, but some comments in the code say this permission is to mimic what mysql server does. - router/src/harness/src/filesystem.cc:649: runs chmod on top of a file with the permissions passed to the function. - router/src/harness/src/filesystem.cc:661: chmod 777, used to make file public, so it will be really public. - router/src/harness/src/filesystem.cc:677: chmod 600, used to make file private. - router/src/harness/src/tty.c:163: ioctl used to fill the winsize structure with the screen width and height. - router/src/router/src/config_generator.cc:2741: chmod 700 to script file. - Use of cryptography / random number sources etc - To communicate with MySQL metadata server when ssl_mode is set. - Use of temp files - overall looks safe - router/src/router/src/config_generatior.cc:584: set socketsdir to /tmp if user didn't specify one - router/src/router/src/utils.cc:100 - Use of networking - plenty of use of networking as one should expect. - It looks ok enough, going in-depth will be overkill. - No use of WebKit - No use of PolicyKit - cppcheck results - plenty of warnings in testing code, ignoring it. Some warnings on unitialized variables in the constructor. - plenty of style issues, considering them low. - some error issues, but they seem false positives. - Coverity results - We decided on not running coverity on it, given the timing constraints. New bug opened because of FTBFS: https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1862364 Solved on version 8.0.19-0ubuntu3. Then a new version was released removing one of the patches: https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1863026 This didn't affect our review. Security team ACK for promoting mysql-router to main. Unassigning the security team. ** Changed in: mysql-8.0 (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1852367 Title: [MIR] mysql-router (mysql-8.0) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1852367/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs