Information
The local_infile parameter dictates whether files located on the MariaDB client's computer can be loaded or selected via LOAD DATA INFILE or SELECT local_file.
Rationale:
For MariaDB client programs and connectors prior to 10.2.0, disabling local_infile reduces an attacker's ability to read sensitive files off the affected server via an SQL injection vulnerability.
Impact:
Disabling local_infile will impact the functionality of solutions that rely on it.
Solution
Upgrade all MariaDB clients and connectors to 10.2.0 or higher.
In the case where using local_infile is needed, the following changes further harden security:
On the client side, secure by:
Limiting the location from where data can be read using --load-data-local-dir.
mariadb --local-infile=0 --load-data-local-dir=/my/local/data
Adding a TLS connection to assure server identity by requiring verification.
mariadb --local-infile=0 --load-data-local-dir=/my/local/data --ssl-mode=VERIFY_IDENTITY
If local_infile is not in use, or if clients are not upgraded, add the following line to the [mariadbd] section of the MySQL configuration file and restart the MariaDB service:
local-infile=0
Default Value:
0 (OFF)
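One way to check that the option file actually carries the setting described in the Solution, as an added example that is not part of the original benchmark text. The function name audit_local_infile, the sample file contents and the choice to treat an unset option as a failure are assumptions of this example; it reads a single file and does not follow !include directives.

```shell
#!/bin/sh
# Report the local-infile setting found in one section of a MariaDB option file.
# Prints "0", "1" or "unset"; returns 0 only when the option is explicitly disabled.
audit_local_infile() {
    cnf=$1
    section=${2:-mariadbd}
    result=$(awk -v want="[$section]" '
        /^[ \t]*[#;]/ { next }                     # skip comment lines
        /^[ \t]*\[/ {                              # section header
            hdr = $0
            gsub(/[ \t\r]/, "", hdr)
            in_sec = (hdr == want)
            next
        }
        in_sec {
            line = $0
            sub(/[ \t]#.*$/, "", line)             # drop trailing comment
            gsub(/[ \t\r]/, "", line)
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : line)
            val = (n ? substr(line, n + 1) : "1")  # bare option means enabled
            gsub(/_/, "-", key)                    # local_infile == local-infile
            if (key != "local-infile") next
            val = tolower(val)
            # the last assignment in the section wins
            state = (val == "0" || val == "off" || val == "false") ? "0" : "1"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$cnf")
    printf '%s\n' "$result"
    [ "$result" = "0" ]
}

# Constructed sample option file (not taken from the page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[client]
local-infile=1
[mariadbd]
# hardening
local_infile = OFF
EOF
audit_local_infile "$sample" || echo "FAIL: local-infile is not disabled in [mariadbd]"
rm -f "$sample"
```

The running server's value remains the authoritative check; this only confirms that the configuration on disk will produce it after a restart.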