From: drh Date: Fri, 10 Jan 2020 00:20:41 +0000 (+0000) Subject: Begin making changes to turn off trusted schema in command-line tools that X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fheads%2Fdefault-untrusted-schema;p=thirdparty%2Fsqlite.git Begin making changes to turn off trusted schema in command-line tools that open SQLite databases. There are a lot of these, and a lot of places to change, which makes me wonder if trusted schema out to be off by default. FossilOrigin-Name: 3d23a275ab5d7d5052130c74cc59025cf6a99cc933cd30cfbcca2a3eaddbb999 --- diff --git a/manifest b/manifest index eaa24e1e04..3db60a141b 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Documentation\supdates\son\snewer\sAPIs.\s\sNo\schanges\sto\scode. -D 2020-01-10T00:00:18.770 +C Begin\smaking\schanges\sto\sturn\soff\strusted\sschema\sin\scommand-line\stools\sthat\nopen\sSQLite\sdatabases.\s\sThere\sare\sa\slot\sof\sthese,\sand\sa\slot\sof\splaces\sto\nchange,\swhich\smakes\sme\swonder\sif\strusted\sschema\sout\sto\sbe\soff\sby\sdefault. +D 2020-01-10T00:20:41.072 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -531,7 +531,7 @@ F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384 F src/resolve.c 1139e3157c710c6e6f04fe726f4e0d8bdb1ae89a276d3b0ca4975af163141c9c F src/rowset.c d977b011993aaea002cab3e0bb2ce50cf346000dff94e944d547b989f4b1fe93 F src/select.c 924b61cef57033a8ca1ed3dcffd02445a7dd0c837cc849b2e4117251cac831f5 -F src/shell.c.in 43d3cfbee97d78ca5782dc53e4c1e22d3cc15c91beff20889dc60551f47eab9f +F src/shell.c.in a68cd2a90e86dfb63fbf5a003a807013f30ea490ffb6cf54d10499bb12d2116a F src/sqlite.h.in 0ed2c973fcfa1e2ce120b35827a23e252719c3337ff64a1f76b800b53169d56e F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8 F src/sqlite3ext.h 72af51aa4e912e14cd495fb6e7fac65f0940db80ed950d90911aff292cc47ce2 @@ -1821,7 +1821,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224 F tool/speedtest8inst1.c 7ce07da76b5e745783e703a834417d725b7d45fd F tool/split-sqlite3c.tcl 3efcd4240b738f6bb2b5af0aea7e1e0ef9bc1c61654f645076cec883030b710c -F tool/sqldiff.c 7b9b7238284f02131dbb8f21a4e862409bff728045c5473139d28c67ac87580e +F tool/sqldiff.c 270266966100dcb57490bdd933bb145c06cdef85afc856f7354d3f3a25c0ff1c F tool/sqlite3_analyzer.c.in 7eeaae8b0d7577662acaabbb11107af0659d1b41bc1dfdd4d91422de27127968 F tool/sqltclsh.c.in 1bcc2e9da58fadf17b0bf6a50e68c1159e602ce057210b655d50bad5aaaef898 F tool/sqltclsh.tcl 862f4cf1418df5e1315b5db3b5ebe88969e2a784525af5fbf9596592f14ed848 @@ -1856,7 +1856,10 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 20237d5dc4451f142b511e50a4acef4574cef17b9222c87dcebfe1ed1bab0ad9 -R 62d7e9ceb3c6bf2163d7b131b5c92b18 +P 8845a8c22a4ceabee130ce2addbe07e13b0496eeb542c89850f8658d21a48f89 +R 6d7d6cc0b2b3dc095c65be57f394a405 +T *branch * default-untrusted-schema +T *sym-default-untrusted-schema * +T -sym-trunk * U drh -Z 8e437f19b27b8e5454199c775779247a +Z 910a86746ff9d57b9bd1611487c6e73d diff --git a/manifest.uuid b/manifest.uuid index d68bfd43b5..18fb356fae 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -8845a8c22a4ceabee130ce2addbe07e13b0496eeb542c89850f8658d21a48f89 \ No newline at end of file +3d23a275ab5d7d5052130c74cc59025cf6a99cc933cd30cfbcca2a3eaddbb999 \ No newline at end of file diff --git a/src/shell.c.in b/src/shell.c.in index 118205532c..806c329acc 100644 --- a/src/shell.c.in +++ b/src/shell.c.in @@ -4162,6 +4162,7 @@ static void open_db(ShellState *p, int openFlags){ } exit(1); } + sqlite3_db_config(p->db, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, 0); #ifndef SQLITE_OMIT_LOAD_EXTENSION sqlite3_enable_load_extension(p->db, 1); #endif @@ -4848,6 +4849,7 @@ static void tryToClone(ShellState *p, const char *zNewDb){ sqlite3_errmsg(newDb)); }else{ sqlite3_exec(p->db, "PRAGMA writable_schema=ON;", 0, 0, 0); + sqlite3_db_config(newDb, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, 0); sqlite3_exec(newDb, "BEGIN EXCLUSIVE;", 0, 0, 0); tryToCloneSchema(p, newDb, "type='table'", tryToCloneData); tryToCloneSchema(p, newDb, "type!='table'", 0); @@ -6171,6 +6173,7 @@ static int arDotCommand( ); goto end_ar_command; } + sqlite3_db_config(cmd.db, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, 0); sqlite3_fileio_init(cmd.db, 0, 0); sqlite3_sqlar_init(cmd.db, 0, 0); sqlite3_create_function(cmd.db, "shell_putsnl", 1, SQLITE_UTF8, cmd.p, @@ -7023,6 +7026,7 @@ static int do_meta_command(char *zLine, ShellState *p){ close_db(pDest); return 1; } + sqlite3_db_config(pDest, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, 0); if( bAsync ){ sqlite3_exec(pDest, "PRAGMA synchronous=OFF; PRAGMA journal_mode=OFF;", 0, 0, 0); @@ -8390,6 +8394,7 @@ static int do_meta_command(char *zLine, ShellState *p){ return 1; } open_db(p, 0); + sqlite3_db_config(pSrc, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, 0); pBackup = sqlite3_backup_init(p->db, zDb, pSrc, "main"); if( pBackup==0 ){ utf8_printf(stderr, "Error: %s\n", sqlite3_errmsg(p->db)); diff --git a/tool/sqldiff.c b/tool/sqldiff.c index 9f5b6fe6d9..e9571d497b 100644 --- a/tool/sqldiff.c +++ b/tool/sqldiff.c @@ -1955,6 +1955,7 @@ int main(int argc, char **argv){ if( rc ){ cmdlineError("cannot open database file \"%s\"", zDb1); } + sqlite3_db_config(g.db, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, 0); rc = sqlite3_exec(g.db, "SELECT * FROM sqlite_master", 0, 0, &zErrMsg); if( rc || zErrMsg ){ cmdlineError("\"%s\" does not appear to be a valid SQLite database", zDb1);