Vitess security audit
PRESENTS Vitess security audit In collaboration with the Vitess maintainers, Open Source Technology Improvement Fund and The Linux Foundation Authors Adam Korczynski, David Korczynski Commons 4.0 (CC BY 4.0) Vitess Security Audit, 2023 Table of contents Table of contents 1 Executive summary 2 Notable findings 3 Project Summary 4 Audit Scope 4 Threat model formalisation 5 Fuzzing Conclusions 40 1 Vitess Security Audit, 2023 Executive summary In March and April 2023, Ada Logics carried out a security audit of Vitess. The primary focus of the audit was a new component of Vitess,
0 points | 41 pages | 1.10 MB | 1 year ago
The Vitess 11.0 Documentation
... 418 Showing migration logs ... query_prealloc_size NoOp sql_buffer_result NoOp transaction_alloc_block_size NoOp wait_timeout NoOp audit_log_read_buffer_size NotSupported auto_increment_increment NotSupported auto_increment_offset NotSupported accessible via VTGate. The purpose of VStream is to provide equivalent information to the MySQL binary logs from the underlying MySQL shards of the Vitess cluster. gRPC clients, including Vitess components
0 points | 481 pages | 3.14 MB | 1 year ago
The Vitess 10.0 Documentation
query_prealloc_size NoOp sql_buffer_result NoOp transaction_alloc_block_size NoOp wait_timeout NoOp audit_log_read_buffer_size NotSupported auto_increment_increment NotSupported auto_increment_offset NotSupported accessible via VTGate. The purpose of VStream is to provide equivalent information to the MySQL binary logs from the underlying MySQL shards of the Vitess cluster. gRPC clients, including Vitess components of functions such as VReplication where a subscriber can indirectly receive events from the binary logs of one or more MySQL instance shards, and then apply it to a target instance. A user can leverage
0 points | 455 pages | 3.07 MB | 1 year ago
The Vitess 12.0 Documentation
... 470 Showing migration logs ... query_prealloc_size NoOp sql_buffer_result NoOp transaction_alloc_block_size NoOp wait_timeout NoOp audit_log_read_buffer_size NotSupported auto_increment_increment NotSupported auto_increment_offset NotSupported accessible via VTGate. The purpose of VStream is to provide equivalent information to the MySQL binary logs from the underlying MySQL shards of the Vitess cluster. gRPC clients, including Vitess components
0 points | 534 pages | 3.32 MB | 1 year ago
The Vitess 9.0 Documentation
query_prealloc_size NoOp sql_buffer_result NoOp transaction_alloc_block_size NoOp wait_timeout NoOp audit_log_read_buffer_size NotSupported auto_increment_increment NotSupported auto_increment_offset NotSupported accessible via VTGate. The purpose of VStream is to provide equivalent information to the MySQL binary logs from the underlying MySQL shards of the Vitess cluster. gRPC clients, including Vitess components of functions such as VReplication where a subscriber can indirectly receive events from the binary logs of one or more MySQL instance shards, and then apply it to a target instance. A user can leverage
0 points | 417 pages | 2.96 MB | 1 year ago
The Vitess 8.0 Documentation
Vitess? ... 39 I cannot start a cluster, and see these errors in the logs: Could not open required defaults file: /path/to/my.cnf . 40 Queries ... sql_buffer_result NoOp transaction_alloc_block_size NoOp wait_timeout NoOp 22 System variable Handled audit_log_read_buffer_size NotSupported auto_increment_increment NotSupported auto_increment_offset NotSupported accessible via VTGate. The purpose of VStream is to provide equivalent information to the MySQL binary logs from the underlying MySQL shards of the Vitess cluster. gRPC clients, including Vitess components
0 points | 331 pages | 1.35 MB | 1 year ago
Pentest-Report Vitess 02.2019
relevant code and documentation was granted. While the first project meeting provided the basis for the audit, a more ad-hoc kick-off meeting ensured that no major hurdles emerged. A Cure53, Berlin · 03/08/19 Test Methodology This section describes the methodology that was used during this source code audit and penetration tests. The test was divided into two phases. Each phase had goals that were closely the noteworthy steps undertaken during the first part of the test, which entailed the manual code audit of the sources of the Vitess software in scope. This is to underline that, in spite of the almost
0 points | 9 pages | 155.02 KB | 1 year ago
The Vitess 7.0 Documentation
Vitess? ... 27 I cannot start a cluster, and see these errors in the logs: Could not open required defaults file: /path/to/my.cnf . 27 Queries ... accessible via VTGate. The purpose of VStream is to provide equivalent information to the MySQL binary logs from the underlying MySQL shards of the Vitess cluster. gRPC clients, including Vitess components of functions such as VReplication where a subscriber can indirectly receive events from the binary logs of one or more MySQL instance shards, and then apply it to a target instance. A user can leverage
0 points | 254 pages | 949.63 KB | 1 year ago
The Vitess 6.0 Documentation
Vitess? ... 26 I cannot start a cluster, and see these errors in the logs: Could not open required defaults file: /path/to/my.cnf . 26 Queries ... accessible via VTGate. The purpose of VStream is to provide equivalent information to the MySQL binary logs from the underlying MySQL shards of the Vitess cluster. gRPC clients, including Vitess components of functions such as VReplication where a subscriber can indirectly receive events from the binary logs of one or more MySQL instance shards, and then apply it to a target instance. A user can leverage
0 points | 210 pages | 846.79 KB | 1 year ago
The Vitess 5.0 Documentation
Vitess? ... 22 I cannot start a cluster, and see these errors in the logs: Could not open required defaults file: /path/to/my.cnf . 23 Queries ... coverage when unit test coverage is not possible. • Is this change going to log too much? (Error logs should only happen when the component is in bad shape, not because of bad transient state or bad user 15306 -u mysql_user --password=mysql_password I cannot start a cluster, and see these errors in the logs: Could not open required defaults file: /path/to/my.cnf Most likely this means that AppArmor is running
0 points | 206 pages | 875.06 KB | 1 year ago
10 results in total