4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.cnf

Information

This option prevents attaching arbitrary shared library functions as user-defined functions by checking for at least one corresponding method named _init, _deinit, _reset, _clear, or _add.

Rationale:

Preventing shared libraries that do not contain user-defined functions from loading will reduce the attack surface of the server.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Perform the following to establish the recommended state:

Remove --allow-suspicious-udfs from the mysqld start up command line.

Remove allow-suspicious-udfs from the MySQL option file.

Default Value:

OFF

See Also

https://workbench.cisecurity.org/files/3855

Item Details

Category: PLANNING, SYSTEM AND SERVICES ACQUISITION

References: 800-53|PL-8, 800-53|SA-8

Plugin: Windows

Control ID: a0220d98f9f9dd91ad925e5154bb0959492d3da3e1d7b84a8c4566b4aa397b6b