database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

Bug58747 57359 patch: breaks secure_file_priv+not secure yet+still accesses other folders

Browse Source 
"load data infile .."  allowed for access to 
unautohorized tables.
Due to a faulty if-statement it was possible to
circumvent the secure_file_priv restriction.


mysql-test/mysql-test-run.pl:
  * Add SECURE_LOAD_PATH environment variable to mtr test cases.
mysql-test/suite/sys_vars/r/secure_file_priv2.result:
  * add test for bug58747
mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt:
  * add test for bug58747
mysql-test/suite/sys_vars/t/secure_file_priv2.test:
  * add test for bug58747
sql/sql_load.cc:
  * Correct faulty if-statement
  * fix indentation
  * move my_stat() block to after is_secure_file_path() check.
This commit is contained in:
Kristofer Pettersson
2010-12-16 11:49:40 +01:00
parent 4ced023cb8
commit 21da523f17
5 changed files with 85 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
mysql-test/mysql-test-run.pl
View File

@ -2025,6 +2025,16 @@ sub environment_setup {
$ENV{'DEFAULT_MASTER_PORT'}= $mysqld_variables{'master-port'} || 3306;
$ENV{'MYSQL_TMP_DIR'}= $opt_tmpdir;
$ENV{'MYSQLTEST_VARDIR'}= $opt_vardir;
if (IS_WINDOWS)
{
$ENV{'SECURE_LOAD_PATH'}= $glob_mysql_test_dir."\\std_data";
}
else
{
$ENV{'SECURE_LOAD_PATH'}= $glob_mysql_test_dir."/std_data";
}
# ----------------------------------------------------
# Setup env for NDB