4.3 Ensure 'allow-suspicious-udfs' is Set to 'OFF'

Information

This option prevents attaching arbitrary shared library functions as user-defined functions by checking for at least one corresponding method named _init _deinit _reset _clear or _add

Preventing shared libraries that do not contain user-defined functions from loading will reduce the attack surface of the server.

Solution

Perform the following to establish the recommended state:

- Remove --allow-suspicious-udfs from the mysqld start up command line.
- Remove allow-suspicious-udfs from the MySQL option file.

See Also

https://workbench.cisecurity.org/benchmarks/15504

Item Details

Category: PLANNING, SYSTEM AND SERVICES ACQUISITION

References: 800-53|PL-8, 800-53|SA-8

Plugin: Unix

Control ID: bc6860697b23f5f261f3567343e414983ac7c8ce0d22fdfe5dc7bc37d7fdd179