MDEV-33727 mariadb-dump trusts the server and does not validate the data

safety first - tell mariadb client not to execute dangerous
cli commands, they cannot be present in the dump anyway.

wrapping the command in /*!999999 ..... */ guarantees that
if a non-mariadb-cli client loads the dump and sends it to the
server - the server will ignore the command it doesn't understand

client/mysqldump.c

@@ -753,56 +753,59 @@ static void write_header(FILE *sql_file, const char *db_name)
     fputs(">\n", sql_file);
     check_io(sql_file);
   }
-  else if (!opt_compact)
+  else
   {
-    print_comment(sql_file, 0,
-                  "-- MariaDB dump %s  Distrib %s, for %s (%s)\n--\n",
-                  DUMP_VERSION, MYSQL_SERVER_VERSION, SYSTEM_TYPE,
-                  MACHINE_TYPE);
-    print_comment(sql_file, 0, "-- Host: %s    ",
-                  fix_for_comment(current_host ? current_host : "localhost"));
-    print_comment(sql_file, 0, "Database: %s\n",
-                  fix_for_comment(db_name ? db_name : ""));
-    print_comment(sql_file, 0,
-                  "-- ------------------------------------------------------\n"
-                 );
-    print_comment(sql_file, 0, "-- Server version\t%s\n",
-                  mysql_get_server_info(&mysql_connection));
+    fprintf(sql_file, "/*!999999\\- enable the sandbox mode */ \n");
+    if (!opt_compact)
+    {
+      print_comment(sql_file, 0,
+                    "-- MariaDB dump %s  Distrib %s, for %s (%s)\n--\n",
+                    DUMP_VERSION, MYSQL_SERVER_VERSION, SYSTEM_TYPE,
+                    MACHINE_TYPE);
+      print_comment(sql_file, 0, "-- Host: %s    ",
+                    fix_for_comment(current_host ? current_host : "localhost"));
+      print_comment(sql_file, 0, "Database: %s\n",
+                    fix_for_comment(db_name ? db_name : ""));
+      print_comment(sql_file, 0,
+                    "-- ------------------------------------------------------\n"
+                   );
+      print_comment(sql_file, 0, "-- Server version\t%s\n",
+                    mysql_get_server_info(&mysql_connection));
 
-    if (!opt_logging)
-      fprintf(sql_file,
-"\n/*M!100101 SET LOCAL SQL_LOG_OFF=0, LOCAL SLOW_QUERY_LOG=0 */;");
+      if (!opt_logging)
+        fprintf(sql_file,
+          "\n/*M!100101 SET LOCAL SQL_LOG_OFF=0, LOCAL SLOW_QUERY_LOG=0 */;");
 
-    if (opt_set_charset)
-      fprintf(sql_file,
-"\n/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;"
-"\n/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;"
-"\n/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;"
-"\n/*!40101 SET NAMES %s */;\n",default_charset);
+      if (opt_set_charset)
+        fprintf(sql_file,
+          "\n/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;"
+          "\n/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;"
+          "\n/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;"
+          "\n/*!40101 SET NAMES %s */;\n",default_charset);
 
-    if (opt_tz_utc)
-    {
-      fprintf(sql_file, "/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;\n");
-      fprintf(sql_file, "/*!40103 SET TIME_ZONE='+00:00' */;\n");
-    }
+      if (opt_tz_utc)
+      {
+        fprintf(sql_file, "/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;\n");
+        fprintf(sql_file, "/*!40103 SET TIME_ZONE='+00:00' */;\n");
+      }
 
-    if (!path)
-    {
-      if (!opt_no_create_info)
+      if (!path)
       {
-        /* We don't need unique checks as the table is created just before */
-        fprintf(md_result_file,"\
-/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;\n");
+        if (!opt_no_create_info)
+        {
+          /* We don't need unique checks as the table is created just before */
+          fprintf(md_result_file,
+            "/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;\n");
+        }
+        fprintf(md_result_file,
+          "/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;\n");
       }
-      fprintf(md_result_file,"\
-/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;\n\
-");
+      fprintf(sql_file,
+              "/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='%s%s%s' */;\n"
+              "/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;\n",
+              path?"":"NO_AUTO_VALUE_ON_ZERO",compatible_mode_normal_str[0]==0?"":",",
+              compatible_mode_normal_str);
     }
-    fprintf(sql_file,
-            "/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='%s%s%s' */;\n"
-            "/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;\n",
-            path?"":"NO_AUTO_VALUE_ON_ZERO",compatible_mode_normal_str[0]==0?"":",",
-            compatible_mode_normal_str);
     check_io(sql_file);
   }
 } /* write_header */

mysql-test/main/ddl_i18n_koi8r.result

@@ -719,6 +719,7 @@ ca	cb
 utf8_general_ci	utf8_general_ci
 
 ---> Dump of mysqltest1
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest1` /*!40100 DEFAULT CHARACTER SET cp866 COLLATE cp866_general_ci */;
 
@@ -795,6 +796,7 @@ ALTER DATABASE `mysqltest1` CHARACTER SET cp866 COLLATE cp866_general_ci ;
 ---> Dumping mysqltest1 to ddl_i18n_koi8r.sp.mysqltest1.sql
 
 ---> Dump of mysqltest2
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest2` /*!40100 DEFAULT CHARACTER SET cp866 COLLATE cp866_general_ci */;
 
@@ -1723,6 +1725,7 @@ koi8r_general_ci	utf8_general_ci	koi8r_general_ci	koi8r_general_ci	utf8_general_
 DELETE FROM mysqltest2.log|
 
 ---> Dump of mysqltest1
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest1` /*!40100 DEFAULT CHARACTER SET cp866 COLLATE cp866_general_ci */;
 
@@ -1802,6 +1805,7 @@ ALTER DATABASE `mysqltest1` CHARACTER SET cp866 COLLATE cp866_general_ci ;
 ---> Dumping mysqltest1 to ddl_i18n_koi8r.triggers.mysqltest1.sql
 
 ---> Dump of mysqltest2
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest2` /*!40100 DEFAULT CHARACTER SET cp866 COLLATE cp866_general_ci */;
 
@@ -2485,6 +2489,7 @@ COLLATION( '
 END	ONE TIME	1970-01-02 00:00:00	NULL	NULL		NULL	NULL	DISABLED	PRESERVE	CREATED	LAST_ALTERED	NULL		1	koi8r	koi8r_general_ci	utf8_unicode_ci
 
 ---> Dump of mysqltest1
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest1` /*!40100 DEFAULT CHARACTER SET cp866 COLLATE cp866_general_ci */;
 
@@ -2552,6 +2557,7 @@ DELIMITER ;
 ---> Dumping mysqltest1 to ddl_i18n_koi8r.events.mysqltest1.sql
 
 ---> Dump of mysqltest2
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest2` /*!40100 DEFAULT CHARACTER SET cp866 COLLATE cp866_general_ci */;
 

mysql-test/main/ddl_i18n_utf8.result

@@ -719,6 +719,7 @@ ca	cb
 utf8_general_ci	utf8_general_ci
 
 ---> Dump of mysqltest1
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest1` /*!40100 DEFAULT CHARACTER SET cp866 COLLATE cp866_general_ci */;
 
@@ -795,6 +796,7 @@ ALTER DATABASE `mysqltest1` CHARACTER SET cp866 COLLATE cp866_general_ci ;
 ---> Dumping mysqltest1 to ddl_i18n_utf8sp.mysqltest1.sql
 
 ---> Dump of mysqltest2
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest2` /*!40100 DEFAULT CHARACTER SET cp866 COLLATE cp866_general_ci */;
 
@@ -1723,6 +1725,7 @@ utf8_general_ci	utf8_general_ci	koi8r_general_ci	utf8_general_ci	utf8_general_ci
 DELETE FROM mysqltest2.log|
 
 ---> Dump of mysqltest1
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest1` /*!40100 DEFAULT CHARACTER SET cp866 COLLATE cp866_general_ci */;
 
@@ -1802,6 +1805,7 @@ ALTER DATABASE `mysqltest1` CHARACTER SET cp866 COLLATE cp866_general_ci ;
 ---> Dumping mysqltest1 to ddl_i18n_utf8triggers.mysqltest1.sql
 
 ---> Dump of mysqltest2
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest2` /*!40100 DEFAULT CHARACTER SET cp866 COLLATE cp866_general_ci */;
 
@@ -2485,6 +2489,7 @@ COLLATION(    'текст') AS c4,
 END	ONE TIME	1970-01-02 00:00:00	NULL	NULL		NULL	NULL	DISABLED	PRESERVE	CREATED	LAST_ALTERED	NULL		1	utf8	utf8_general_ci	utf8_unicode_ci
 
 ---> Dump of mysqltest1
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest1` /*!40100 DEFAULT CHARACTER SET cp866 COLLATE cp866_general_ci */;
 
@@ -2552,6 +2557,7 @@ DELIMITER ;
 ---> Dumping mysqltest1 to ddl_i18n_utf8events.mysqltest1.sql
 
 ---> Dump of mysqltest2
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest2` /*!40100 DEFAULT CHARACTER SET cp866 COLLATE cp866_general_ci */;
 

mysql-test/main/lock_view.result

@@ -16,6 +16,7 @@ create definer=definer@localhost view mysqltest3.v3is as select schema_name from
 create definer=definer@localhost view mysqltest3.v3ps as select user from performance_schema.users where current_connections>0 order by user;
 create definer=definer@localhost view mysqltest3.v3nt as select 1;
 create definer=definer@localhost sql security invoker view mysqltest3.v3i as select * from mysqltest1.t1;
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest1` /*!40100 DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci */;
 
@@ -235,6 +236,7 @@ create view v1 as select * from (select * from t1) dt;
 lock table v1 read;
 disconnect con1;
 connection default;
+/*!999999\- enable the sandbox mode */ 
 SET @saved_cs_client     = @@character_set_client;
 SET character_set_client = utf8;
 /*!50001 CREATE VIEW `v1` AS SELECT

mysql-test/main/mysql.result

@@ -552,6 +552,7 @@ Table	Create Table
 a1\`b1	CREATE TABLE `a1\``b1` (
   `a` int(11) DEFAULT NULL
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci
+/*!999999\- enable the sandbox mode */ 
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `a1\``b1` (
@@ -581,6 +582,7 @@ Table	Create Table
 a1\"b1	CREATE TABLE "a1\""b1" (
   "a" int(11) DEFAULT NULL
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci
+/*!999999\- enable the sandbox mode */ 
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE "a1\""b1" (
@@ -603,11 +605,11 @@ set sql_mode=default;
 create table t1 (a text);
 select count(*) from t1;
 count(*)
-41
+42
 truncate table t1;
 select count(*) from t1;
 count(*)
-41
+42
 truncate table t1;
 select count(*) from t1;
 count(*)
@@ -619,7 +621,7 @@ count(*)
 truncate table t1;
 select count(*) from t1;
 count(*)
-41
+42
 truncate table t1;
 select count(*) from t1;
 count(*)

mysql-test/main/mysqldump-compat-102.result

@@ -58,6 +58,7 @@ BEGIN
 log(0, 'Session ' || connection_id() || ' ' || current_user || ' started');
 END;
 $$
+/*!999999\- enable the sandbox mode */ 
 -- MariaDB dump DUMPVERSION  Distrib DISTVERSION, for OS
 --
 -- Host: localhost    Database: db1_mdev17429

mysql-test/main/mysqldump-max.result

@@ -77,6 +77,7 @@ id	name
 3	first value
 4	first value
 5	first value
+/*!999999\- enable the sandbox mode */ 
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
@@ -174,6 +175,7 @@ INSERT IGNORE INTO `t6` VALUES (1,'first value'),(2,'first value'),(3,'first val
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 
+/*!999999\- enable the sandbox mode */ 
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;

mysql-test/main/mysqldump-nl.result

@@ -12,6 +12,7 @@ create procedure sp() select * from `v1
 1v`;
 flush tables;
 use test;
+/*!999999\- enable the sandbox mode */ 
 
 --
 -- Current Database: `mysqltest1
@@ -134,6 +135,7 @@ test\`
 \! ls
 #
 test`
+/*!999999\- enable the sandbox mode */ 
 
 --
 -- Current Database: `test```

mysql-test/main/mysqldump-no-binlog.result

 mariadb-dump: Error: Binlogging on server not active
+/*!999999\- enable the sandbox mode */ 

mysql-test/main/mysqldump-system.result

@@ -38,6 +38,7 @@ CREATE FUNCTION metaphon RETURNS STRING SONAME "UDF_EXAMPLE_LIB";
 #
 # mysqldump of system tables with --system=all
 #
+/*!999999\- enable the sandbox mode */ 
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
@@ -162,6 +163,7 @@ UNLOCK TABLES;
 #
 # mysqldump of system tables with --system=all --replace
 #
+/*!999999\- enable the sandbox mode */ 
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
@@ -307,6 +309,7 @@ UNLOCK TABLES;
 #
 # mysqldump of system tables with --system=all --insert-ignore
 #
+/*!999999\- enable the sandbox mode */ 
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;

mysql-test/main/mysqldump-timing.result

@@ -7,6 +7,7 @@ CREATE TABLE t1 (i INT);
 INSERT INTO t1 VALUES (0);
 LOCK TABLE t1 WRITE;
 timeout without t1 contents expected
+/*!999999\- enable the sandbox mode */ 
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
@@ -30,6 +31,7 @@ SET @save_max_statement_time=@@max_statement_time;
 SET GLOBAL max_statement_time=0.1;
 UNLOCK TABLES;;
 This would be a race condition otherwise, but default max_statement_time=0 makes it succeed
+/*!999999\- enable the sandbox mode */ 
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;

mysql-test/main/mysqldump-utf8mb4.result

@@ -32,6 +32,7 @@ Testing XML format output
 ----
 Testing text format output
 ----
+/*!999999\- enable the sandbox mode */ 
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;

mysql-test/main/mysqldump.test

@@ -2983,9 +2983,7 @@ TRUNCATE TABLE mysql.general_log;
 DROP DATABASE test1;
 --remove_file $MYSQLTEST_VARDIR/tmp/dumptest1.sql
 
---echo #
 --echo # End of 10.3 tests
---echo #
 
 --echo #
 --echo # MDEV-31092 mysqldump --force doesn't ignore error as it should
@@ -3004,6 +3002,25 @@ drop function f2;
 drop event e1;
 drop table t1;
 
---echo #
 --echo # End of 10.4 tests
+
 --echo #
+--echo # MDEV-33727 mariadb-dump trusts the server and does not validate the data
+--echo #
+
+create table t1 (a int);
+--exec $MYSQL_DUMP --compact --add-drop-table test > $MYSQLTEST_VARDIR/tmp/mdev33727.sql
+
+# first let's verify it can be loaded not only by mariadb client
+--source $MYSQLTEST_VARDIR/tmp/mdev33727.sql
+
+# and now test the mariadb client sandbox protection
+--append_file $MYSQLTEST_VARDIR/tmp/mdev33727.sql
+\! echo foo
+EOF
+--error 1
+--exec $MYSQL test < $MYSQLTEST_VARDIR/tmp/mdev33727.sql 2>&1
+--remove_file $MYSQLTEST_VARDIR/tmp/mdev33727.sql
+drop table t1;
+
+--echo # End of 10.5 tests

mysql-test/main/openssl_1.result

@@ -77,6 +77,7 @@ DROP TABLE thread_status;
 SET GLOBAL event_scheduler=0;
 CREATE TABLE t1(a int);
 INSERT INTO t1 VALUES (1), (2);
+/*!999999\- enable the sandbox mode */ 
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
@@ -111,6 +112,7 @@ UNLOCK TABLES;
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 
+/*!999999\- enable the sandbox mode */ 
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
@@ -145,6 +147,7 @@ UNLOCK TABLES;
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 
+/*!999999\- enable the sandbox mode */ 
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;

mysql-test/main/plugin_auth.result

@@ -338,6 +338,7 @@ FLUSH PRIVILEGES;
 # Executing 'mysqladmin'
 mysqld is alive
 # Executing 'mysqldump'
+/*!999999\- enable the sandbox mode */ 
 # Executing 'mysql_upgrade'
 #
 # Bug #59657: Move the client authentication_pam plugin into the 

mysql-test/main/rpl_mysqldump_slave.result

@@ -7,14 +7,17 @@ connection slave;
 connection master;
 use test;
 connection slave;
+/*!999999\- enable the sandbox mode */ 
 -- SET GLOBAL gtid_slave_pos='';
 CHANGE MASTER '' TO MASTER_LOG_FILE='master-bin.000001', MASTER_LOG_POS=BINLOG_START;
 
+/*!999999\- enable the sandbox mode */ 
 STOP ALL SLAVES;
 -- SET GLOBAL gtid_slave_pos='';
 CHANGE MASTER '' TO MASTER_LOG_FILE='master-bin.000001', MASTER_LOG_POS=BINLOG_START;
 
 START ALL SLAVES;
+/*!999999\- enable the sandbox mode */ 
 STOP ALL SLAVES;
 -- SET GLOBAL gtid_slave_pos='';
 CHANGE MASTER '' TO MASTER_HOST='127.0.0.1', MASTER_PORT=MASTER_MYPORT, MASTER_LOG_FILE='master-bin.000001', MASTER_LOG_POS=BINLOG_START;
@@ -23,6 +26,7 @@ START ALL SLAVES;
 start slave;
 Warnings:
 Note	1254	Slave is already running
+/*!999999\- enable the sandbox mode */ 
 -- SET GLOBAL gtid_slave_pos='';
 CHANGE MASTER '' TO MASTER_LOG_FILE='master-bin.000001', MASTER_LOG_POS=BINLOG_START;
 
@@ -41,6 +45,7 @@ DROP TABLE t2;
 
 1. --dump-slave=1 --gtid
 
+/*!999999\- enable the sandbox mode */ 
 SET GLOBAL gtid_slave_pos='0-1-1001';
 CHANGE MASTER '' TO MASTER_USE_GTID=slave_pos;
 -- CHANGE MASTER '' TO MASTER_LOG_FILE='master-bin.000001', MASTER_LOG_POS=BINLOG_START;
@@ -48,12 +53,14 @@ CHANGE MASTER '' TO MASTER_USE_GTID=slave_pos;
 
 1a. --dump-slave=1
 
+/*!999999\- enable the sandbox mode */ 
 -- SET GLOBAL gtid_slave_pos='0-1-1001';
 CHANGE MASTER '' TO MASTER_LOG_FILE='master-bin.000001', MASTER_LOG_POS=BINLOG_START;
 
 
 2. --dump-slave=2 --gtid
 
+/*!999999\- enable the sandbox mode */ 
 -- SET GLOBAL gtid_slave_pos='0-1-1001';
 -- CHANGE MASTER '' TO MASTER_USE_GTID=slave_pos;
 -- CHANGE MASTER '' TO MASTER_LOG_FILE='master-bin.000001', MASTER_LOG_POS=BINLOG_START;
@@ -61,6 +68,7 @@ CHANGE MASTER '' TO MASTER_LOG_FILE='master-bin.000001', MASTER_LOG_POS=BINLOG_S
 
 2. --dump-slave=2
 
+/*!999999\- enable the sandbox mode */ 
 -- SET GLOBAL gtid_slave_pos='0-1-1001';
 -- CHANGE MASTER '' TO MASTER_LOG_FILE='master-bin.000001', MASTER_LOG_POS=BINLOG_START;
 
@@ -68,39 +76,46 @@ CHANGE MASTER '' TO MASTER_LOG_FILE='master-bin.000001', MASTER_LOG_POS=BINLOG_S
 
 1. --master-data=1 --gtid
 
+/*!999999\- enable the sandbox mode */ 
 CHANGE MASTER TO MASTER_USE_GTID=slave_pos;
 SET GLOBAL gtid_slave_pos='0-2-1003';
 -- CHANGE MASTER TO MASTER_LOG_FILE='slave-bin.000001', MASTER_LOG_POS=BINLOG_START;
 
 1a. --master-data=1
 
+/*!999999\- enable the sandbox mode */ 
 -- SET GLOBAL gtid_slave_pos='0-2-1003';
 CHANGE MASTER TO MASTER_LOG_FILE='slave-bin.000001', MASTER_LOG_POS=BINLOG_START;
 
 2. --master-data=2 --gtid
 
+/*!999999\- enable the sandbox mode */ 
 -- CHANGE MASTER TO MASTER_USE_GTID=slave_pos;
 -- SET GLOBAL gtid_slave_pos='0-2-1003';
 -- CHANGE MASTER TO MASTER_LOG_FILE='slave-bin.000001', MASTER_LOG_POS=BINLOG_START;
 
 2a. --master-data=2
 
+/*!999999\- enable the sandbox mode */ 
 -- SET GLOBAL gtid_slave_pos='0-2-1003';
 -- CHANGE MASTER TO MASTER_LOG_FILE='slave-bin.000001', MASTER_LOG_POS=BINLOG_START;
 
 3. --master-data --single-transaction --gtid
 
+/*!999999\- enable the sandbox mode */ 
 CHANGE MASTER TO MASTER_USE_GTID=slave_pos;
 SET GLOBAL gtid_slave_pos='0-2-1003';
 -- CHANGE MASTER TO MASTER_LOG_FILE='slave-bin.000001', MASTER_LOG_POS=BINLOG_START;
 
 3a. --master-data --single-transaction
 
+/*!999999\- enable the sandbox mode */ 
 -- SET GLOBAL gtid_slave_pos='0-2-1003';
 CHANGE MASTER TO MASTER_LOG_FILE='slave-bin.000001', MASTER_LOG_POS=BINLOG_START;
 
 4. --master-data=2 --dump-slave=2 --single-transaction --gtid (MDEV-4827)
 
+/*!999999\- enable the sandbox mode */ 
 -- MariaDB dump--
 -- Host: localhost    Database: test
 -- ------------------------------------------------------
@@ -156,6 +171,7 @@ CHANGE MASTER TO MASTER_LOG_FILE='slave-bin.000001', MASTER_LOG_POS=BINLOG_START
 
 4a. --master-data=2 --dump-slave=2 --single-transaction (MDEV-4827)
 
+/*!999999\- enable the sandbox mode */ 
 -- MariaDB dump--
 -- Host: localhost    Database: test
 -- ------------------------------------------------------
@@ -215,6 +231,7 @@ include/stop_slave.inc
 change master to master_use_gtid=slave_pos;
 connection master;
 # Ensuring the binlog dump thread is killed on primary...
+/*!999999\- enable the sandbox mode */ 
 -- SET GLOBAL gtid_slave_pos='0-1-1005';
 -- CHANGE MASTER TO MASTER_LOG_FILE='master-bin.000002', MASTER_LOG_POS=BINLOG_START;
 connection slave;

mysql-test/main/trigger_wl3253.result

@@ -310,6 +310,7 @@ CREATE TABLE t1 (a INT);
 CREATE TRIGGER tr1_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=1;
 CREATE TRIGGER tr2_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=2;
 CREATE TRIGGER tr1_bu BEFORE UPDATE ON t1 FOR EACH ROW SET @a:=3;
+/*!999999\- enable the sandbox mode */ 
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `t1` (
@@ -372,6 +373,7 @@ CREATE TRIGGER tr2_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=2;
 CREATE TRIGGER tr0_bi BEFORE INSERT ON t1 FOR EACH ROW PRECEDES tr1_bi SET @a:=0;
 CREATE TRIGGER tr1_1_bi BEFORE INSERT ON t1 FOR EACH ROW FOLLOWS tr1_bi SET @a:=0;
 # Expected order of triggers in the dump is: tr0_bi, tr1_bi, tr1_1_bi, tr2_i.
+/*!999999\- enable the sandbox mode */ 
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `t1` (

mysql-test/suite/archive/archive_bitfield.result

@@ -180,6 +180,7 @@ INSERT INTO `t1` VALUES
 (NULL,1,1,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,b'100000',b'010010',b'011111',4,5,5,5,5,5,5,5,5,5,3,2,1),
 (NULL,1,1,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,b'000000',b'001100',b'111111',4,5,5,5,5,5,5,5,5,5,3,2,1),
 (NULL,1,1,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,b'111111',b'000000',b'000000',4,5,5,5,5,5,5,5,5,5,3,2,1);
+/*!999999\- enable the sandbox mode */ 
 INSERT INTO `t1` VALUES (1,1,1,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x01,0x3F,0x3E,4,5,5,5,5,5,5,5,5,5,3,2,1);
 INSERT INTO `t1` VALUES (2,1,1,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x02,0x00,0x3D,4,5,5,5,5,5,5,5,5,5,3,2,1);
 INSERT INTO `t1` VALUES (3,1,1,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x04,0x0F,0x3B,4,5,5,5,5,5,5,5,5,5,3,2,1);

mysql-test/suite/compat/oracle/r/mysqldump_restore_func_qualified.result

@@ -24,6 +24,7 @@ b1 VARCHAR(64) AS (LPAD(b0,10)) PERSISTENT
 CREATE VIEW v2 AS SELECT
 LTRIM(now()) AS a0,
 LPAD(now(),10) AS b0;
+/*!999999\- enable the sandbox mode */ 
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `t1` (

mysql-test/suite/compat/oracle/r/sp-package-mysqldump.result

@@ -34,6 +34,7 @@ PROCEDURE p1;
 FUNCTION f1 RETURN INT;
 END;
 $$
+/*!999999\- enable the sandbox mode */ 
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;

mysql-test/suite/federated/federatedx.result

@@ -2243,6 +2243,7 @@ connection master;
 CREATE TABLE t1(id VARCHAR(20) NOT NULL, PRIMARY KEY(id)) ENGINE=FEDERATED 
 CONNECTION='mysql://root@127.0.0.1:SLAVE_PORT/test/t1';
 # Dump table t1 using mysqldump tool
+/*!999999\- enable the sandbox mode */ 
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `t1` (

mysql-test/suite/roles/definer.result

@@ -274,6 +274,7 @@ a	b	c
 111	4	0
 2	20	200
 delete from t1 where a=111;
+/*!999999\- enable the sandbox mode */ 
 
 CREATE DATABASE /*!32312 IF NOT EXISTS*/ `test` /*!40100 DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci */;
 

mysql-test/suite/sql_sequence/mysqldump.result

@@ -3,6 +3,7 @@ CREATE TABLE t1(a INT, KEY (a)) KEY_BLOCK_SIZE=1024;
 insert into t1 values (1),(2);
 CREATE SEQUENCE x1 engine=innodb;
 # dump whole database
+/*!999999\- enable the sandbox mode */ 
 CREATE SEQUENCE `a1` start with 1 minvalue 1 maxvalue 9223372036854775806 increment by 1 cache 1000 nocycle ENGINE=Aria;
 SELECT SETVAL(`a1`, 1, 0);
 CREATE SEQUENCE `x1` start with 1 minvalue 1 maxvalue 9223372036854775806 increment by 1 cache 1000 nocycle ENGINE=InnoDB;
@@ -16,6 +17,7 @@ CREATE TABLE `t1` (
 /*!40101 SET character_set_client = @saved_cs_client */;
 INSERT INTO `t1` VALUES (1),(2);
 # dump by tables order 1
+/*!999999\- enable the sandbox mode */ 
 CREATE SEQUENCE `a1` start with 1 minvalue 1 maxvalue 9223372036854775806 increment by 1 cache 1000 nocycle ENGINE=Aria;
 SELECT SETVAL(`a1`, 1, 0);
 CREATE SEQUENCE `x1` start with 1 minvalue 1 maxvalue 9223372036854775806 increment by 1 cache 1000 nocycle ENGINE=InnoDB;
@@ -29,6 +31,7 @@ CREATE TABLE `t1` (
 /*!40101 SET character_set_client = @saved_cs_client */;
 INSERT INTO `t1` VALUES (1),(2);
 # dump by tables order 2
+/*!999999\- enable the sandbox mode */ 
 CREATE SEQUENCE `a1` start with 1 minvalue 1 maxvalue 9223372036854775806 increment by 1 cache 1000 nocycle ENGINE=Aria;
 SELECT SETVAL(`a1`, 1, 0);
 CREATE SEQUENCE `x1` start with 1 minvalue 1 maxvalue 9223372036854775806 increment by 1 cache 1000 nocycle ENGINE=InnoDB;
@@ -42,6 +45,7 @@ CREATE TABLE `t1` (
 /*!40101 SET character_set_client = @saved_cs_client */;
 INSERT INTO `t1` VALUES (1),(2);
 # dump by tables only tables
+/*!999999\- enable the sandbox mode */ 
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `t1` (
@@ -51,6 +55,7 @@ CREATE TABLE `t1` (
 /*!40101 SET character_set_client = @saved_cs_client */;
 INSERT INTO `t1` VALUES (1),(2);
 # dump by tables only sequences
+/*!999999\- enable the sandbox mode */ 
 CREATE SEQUENCE `a1` start with 1 minvalue 1 maxvalue 9223372036854775806 increment by 1 cache 1000 nocycle ENGINE=Aria;
 SELECT SETVAL(`a1`, 1, 0);
 CREATE SEQUENCE `x1` start with 1 minvalue 1 maxvalue 9223372036854775806 increment by 1 cache 1000 nocycle ENGINE=InnoDB;

storage/connect/mysql-test/connect/r/mysql.result

@@ -229,6 +229,7 @@ a
 20
 30
 # Start of mysqldump ------
+/*!999999\- enable the sandbox mode */ 
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `t2` (