Bug58747 57359 patch: breaks secure_file_priv+not secure yet+still accesses other folders

"load data infile .." allowed for access to unautohorized tables. Due to a faulty if-statement it was possible to circumvent the secure_file_priv restriction. mysql-test/mysql-test-run.pl: * Add SECURE_LOAD_PATH environment variable to mtr test cases. mysql-test/suite/sys_vars/r/secure_file_priv2.result: * add test for bug58747 mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt: * add test for bug58747 mysql-test/suite/sys_vars/t/secure_file_priv2.test: * add test for bug58747 sql/sql_load.cc: * Correct faulty if-statement * fix indentation * move my_stat() block to after is_secure_file_path() check.
2025-08-08 11:22:35 +03:00 · 2010-12-16 11:49:40 +01:00
parent 4ced023cb8
commit 21da523f17
5 changed files with 85 additions and 44 deletions
--- a/mysql-test/suite/sys_vars/r/secure_file_priv2.result
+++ b/mysql-test/suite/sys_vars/r/secure_file_priv2.result
@@ -0,0 +1,6 @@
+CREATE TABLE t1 (c1 INT);
+LOAD DATA INFILE "t1.MYI" into table t1;
+ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+LOAD DATA INFILE "/test" into table t1;
+ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+DROP TABLE t1;