server: set connection to TCP socket when unix and TCP used (#23463) #23513
Conversation
Signed-off-by: ti-srebot <ti-srebot@pingcap.com>
|
/run-all-tests |
ti-srebot
added
priority/release-blocker
|
@morgo please accept the invitation then you can push to the cherry-pick pull requests. |
|
/run-check-dev |
|
/run-check_dev |
|
/lgtm |
|
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by writing |
ti-chi-bot
added
status/LGT2
|
/merge |
|
This pull request has been accepted and is ready to merge. Commit hash: 8f4c61d
|
ti-chi-bot
added
the
status/can-merge
|
/merge |
|
/run-unit-test |
1 similar comment
|
/run-unit-test |
|
/merge |
|
/merge |
zhouqiang-cl
added
the
cherry-pick-approved
cherry-pick #23463 to release-4.0
You can switch your code base to this Pull Request by using git-extras:
# In tidb repo: git pr https://github.com/pingcap/tidb/pull/23513After apply modifications, you can push your change to this PR via:
What problem does this PR solve?
Issue Number: Fixes #23460
Problem Summary:
If a unix socket configuration is present, the server will set connections to type UnixSocket irrespective of if it was used. This is a problem when the server is listening on both, since connections of type unixSocket do not validate the host portion of the user.
Although ideally the function
isUnixSocket()could be a clientConnection property, this improves the security, because if both types of socket are used, the function will returnFALSE.What is changed and how it works?
Fixes #23460
Related changes
Check List
Tests
Side effects
Release note