{question}
What should SingleStore customers know about a recently identified privilege-enforcement issue affecting SELECT ... INTO OUTFILE?
{question}
{answer}
With the help of an ethical hacker, SingleStore identified and resolved a security issue in SingleStoreDB where SELECT ... INTO OUTFILE (without a FROM table clause) did not enforce the FILE WRITE privilege. While SELECT ... FROM table ... INTO OUTFILE correctly enforced the privilege, the specific variant without a table source allowed an authenticated user without FILE WRITE to create files on the database host as the SingleStore engine service account.
The issue primarily affected self-managed deployments. Helios was not affected because local_file_system_access_restricted is enabled there, while the engine-level default for that setting is OFF for backward compatibility.
SingleStore resolved the issue by enforcing the FILE WRITE privilege on the SELECT ... INTO OUTFILE path.
- If you are a SingleStore Helios customer, no action is required.
- For self-managed SingleStore deployments, we are currently preparing patches for upcoming releases (within the next two weeks). In the interim, if your workloads do not need local file system access via SQL, ensure that local_file_system_access_restricted = ON is configured. Alternatively, if such access is required, define a dedicated directory using secure_file_priv to confine file operations to an approved location.
{answer}