MDEV-4068 rpm scriptlet chown command dangerous

add --mysqld option to my_print_defaults change server-postin script to use that
2025-07-30 16:24:05 +03:00 · 2013-03-06 09:32:13 +01:00
parent 62b9be6542
commit 3bfd88d1d6
9 changed files with 63 additions and 42 deletions
--- a/cmake/cpack_rpm.cmake
+++ b/cmake/cpack_rpm.cmake
@ -49,6 +49,7 @@ MariaDB bug reports should be submitted through https://mariadb.atlassian.net/
 SET(CPACK_RPM_SPEC_MORE_DEFINE "
 %define mysql_vendor ${CPACK_PACKAGE_VENDOR}
 %define mysqlversion ${MYSQL_NO_DASH_VERSION}
 %define mysqlbasedir ${CMAKE_INSTALL_PREFIX}
 %define mysqldatadir ${INSTALL_MYSQLDATADIR}
 %define mysqld_user  mysql
 %define mysqld_group mysql
--- a/extra/my_print_defaults.c
+++ b/extra/my_print_defaults.c
@ -26,8 +26,13 @@
 #include <my_sys.h>
 #include <m_string.h>
 #include <my_getopt.h>
 #include <mysql_version.h>
 #define load_default_groups mysqld_groups
 #include <mysqld_default_groups.h>
 #undef load_default_groups
 my_bool opt_mysqld;
 const char *config_file="my";			/* Default config file */
 uint verbose= 0, opt_defaults_file_used= 0;
 const char *default_dbug_option="d:t:o,/tmp/my_print_defaults.trace";
@ -78,6 +83,8 @@ static struct my_option my_long_options[] =
   (void *)&my_defaults_extra_file,
   (void *)&my_defaults_extra_file, 0, GET_STR,
   REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
  {"mysqld", 0, "Read the same set of groups that the mysqld binary does.",
   &opt_mysqld, &opt_mysqld, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
  {"no-defaults", 'n', "Return an empty string (useful for scripts).",
   0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0},
  {"help", '?', "Display this help message and exit.",
@ -98,11 +105,12 @@ static void usage(my_bool version)
    return;
  puts("This software comes with ABSOLUTELY NO WARRANTY. This is free software,\nand you are welcome to modify and redistribute it under the GPL license\n");
  puts("Prints all arguments that is give to some program using the default files");
-  printf("Usage: %s [OPTIONS] groups\n", my_progname);
+  printf("Usage: %s [OPTIONS] [groups]\n", my_progname);
  my_print_help(my_long_options);
  my_print_default_files(config_file);
  my_print_variables(my_long_options);
  printf("\nExample usage:\n%s --defaults-file=example.cnf client client-server mysql\n", my_progname);
  exit(0);
 }
@ -115,17 +123,15 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
      opt_defaults_file_used= 1;
      break;
    case 'n':
-    exit(0);
+      exit(0);
    case 'I':
    case '?':
-    usage(0);
+      usage(0);
    exit(0);
    case 'v':
      verbose++;
      break;
    case 'V':
-    usage(1);
+      usage(1);
    exit(0);
    case '#':
      DBUG_PUSH(argument ? argument : default_dbug_option);
      break;
@ -141,11 +147,6 @@ static int get_options(int *argc,char ***argv)
  if ((ho_error=handle_options(argc, argv, my_long_options, get_one_option)))
    exit(ho_error);
  if (*argc < 1)
  {
    usage(0);
    return 1;
  }
  return 0;
 }
@ -153,9 +154,10 @@ static int get_options(int *argc,char ***argv)
 int main(int argc, char **argv)
 {
  int count, error, args_used;
-  char **load_default_groups, *tmp_arguments[6];
+  char **load_default_groups= 0, *tmp_arguments[6];
  char **argument, **arguments, **org_argv;
  char *defaults, *extra_defaults, *group_suffix;
  int nargs, i= 0;
  MY_INIT(argv[0]);
  org_argv= argv;
@ -169,13 +171,25 @@ int main(int argc, char **argv)
  arguments[count]= 0;
  /* Check out the args */
  if (!(load_default_groups=(char**) my_malloc((argc+1)*sizeof(char*),
 					       MYF(MY_WME))))
    exit(1);
  if (get_options(&argc,&argv))
    exit(1);
  memcpy((char*) load_default_groups, (char*) argv, (argc + 1) * sizeof(*argv));
  nargs= argc + 1;
  if (opt_mysqld)
    nargs+= array_elements(mysqld_groups);
  if (nargs < 2)
    usage(0);
  load_default_groups=(char**) my_malloc(nargs*sizeof(char*), MYF(MY_WME));
  if (!load_default_groups)
    exit(1);
  if (opt_mysqld)
  {
    for (; mysqld_groups[i]; i++)
      load_default_groups[i]= (char*) mysqld_groups[i];
  }
  memcpy(load_default_groups + i, argv, (argc + 1) * sizeof(*argv));
  if ((error= load_defaults(config_file, (const char **) load_default_groups,
 			   &count, &arguments)))
  {
@ -198,6 +212,6 @@ int main(int argc, char **argv)
      puts(*argument);
  my_free(load_default_groups);
  free_defaults(arguments);
-
+  my_end(0);
  exit(0);
 }
--- a/include/mysqld_default_groups.h
+++ b/include/mysqld_default_groups.h
@ -0,0 +1,8 @@
 const char *load_default_groups[]= {
 #ifdef WITH_NDBCLUSTER_STORAGE_ENGINE
 "mysql_cluster",
 #endif
 "mysqld", "server", MYSQL_BASE_VERSION,
 "mariadb", MARIADB_BASE_VERSION,
 "client-server",
 0, 0};
--- a/scripts/mysql_install_db.sh
+++ b/scripts/mysql_install_db.sh
@ -257,7 +257,7 @@ fi
 # Now we can get arguments from the groups [mysqld] and [mysql_install_db]
 # in the my.cfg file, then re-run to merge with command line arguments.
-parse_arguments `"$print_defaults" $defaults mysqld mariadb mysql_install_db client-server`
+parse_arguments `"$print_defaults" $defaults --mysqld mysql_install_db`
 parse_arguments PICK-ARGS-FROM-ARGV "$@"
 # Configure paths to support files
--- a/scripts/mysqld_multi.sh
+++ b/scripts/mysqld_multi.sh
@ -237,7 +237,7 @@ sub defaults_for_group
 sub init_log
 {
-  foreach my $opt (defaults_for_group('mysqld mariadb'))
+  foreach my $opt (defaults_for_group('--mysqld'))
  {
    if ($opt =~ m/^--datadir=(.*)/ && -d "$1" && -w "$1")
    {
--- a/scripts/mysqld_safe.sh
+++ b/scripts/mysqld_safe.sh
@ -503,7 +503,7 @@ append_arg_to_args () {
 args=
 SET_USER=2
-parse_arguments `$print_defaults $defaults --loose-verbose mysqld mariadb server client-server`
+parse_arguments `$print_defaults $defaults --loose-verbose --mysqld`
 if test $SET_USER -eq 2
 then
  SET_USER=0
--- a/scripts/mysqldumpslow.sh
+++ b/scripts/mysqldumpslow.sh
@ -53,7 +53,7 @@ GetOptions(\%opt,
 $opt{'help'} and usage();
 unless (@ARGV) {
-    my $defaults   = `my_print_defaults mysqld mariadb`;
+    my $defaults   = `my_print_defaults --mysqld`;
    my $datadir = ($defaults =~ m/--datadir=(.*)/g)[-1];
    if (!$datadir or $opt{i}) {
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@ -3203,14 +3203,7 @@ pthread_handler_t handle_shutdown(void *arg)
 }
 #endif
-const char *load_default_groups[]= {
+#include <mysqld_default_groups.h>
 #ifdef WITH_NDBCLUSTER_STORAGE_ENGINE
 "mysql_cluster",
 #endif
 "mysqld", "server", MYSQL_BASE_VERSION,
 "mariadb", MARIADB_BASE_VERSION,
 "client-server",
 0, 0};
 #if defined(__WIN__) && !defined(EMBEDDED_LIBRARY)
 static const int load_default_groups_sz=
--- a/support-files/rpm/server-postin.sh
+++ b/support-files/rpm/server-postin.sh
@ -5,41 +5,46 @@ if [ $1 = 1 ] ; then
          /sbin/chkconfig --add mysql
  fi
-  mysql_dirs=(`%{_sbindir}/mysqld --verbose --help 2>/dev/null|sed -ne 's/^\(basedir\|datadir\)[[:space:]]*\(.*\)$/\2/p'`)
+  basedir=`%{_bindir}/my_print_defaults --mysqld|sed -ne 's/^--basedir=//p'|tail -1`
-  basedir="${mysql_dirs[0]}"
+  if [ -z "$basedir" ] ; then
-  datadir="${mysql_dirs[1]}"
+    basedir=%{mysqlbasedir}
-  # datadir may be relative to a basedir!
+  fi
-  if expr $datadir : / > /dev/null; then
+
-    mysql_datadir=$datadir
+  datadir=`%{_bindir}/my_print_defaults --mysqld|sed -ne 's/^--datadir=//p'|tail -1`
  if [ -z "$datadir" ] ; then
    datadir=%{mysqldatadir}
  else
-    mysql_datadir=$basedir/$datadir
+    # datadir may be relative to a basedir!
    if ! expr $datadir : / > /dev/null; then
      datadir=$basedir/$datadir
    fi
  fi
  # Create a MySQL user and group. Do not report any problems if it already
  # exists.
  groupadd -r %{mysqld_group} 2> /dev/null || true
-  useradd -M -r -d $mysql_datadir -s /bin/bash -c "MySQL server" -g %{mysqld_group} %{mysqld_user} 2> /dev/null || true 
+  useradd -M -r -d $datadir -s /bin/bash -c "MySQL server" -g %{mysqld_group} %{mysqld_user} 2> /dev/null || true 
  # The user may already exist, make sure it has the proper group nevertheless (BUG#12823)
  usermod -g %{mysqld_group} %{mysqld_user} 2> /dev/null || true
  # Change permissions so that the user that will run the MySQL daemon
  # owns all database files.
-  chown -R %{mysqld_user}:%{mysqld_group} $mysql_datadir
+  chown -R %{mysqld_user}:%{mysqld_group} $datadir
-  if [ ! -e $mysql_datadir ]; then
+  if [ ! -e $datadir ]; then
    # Create data directory
-    mkdir -p $mysql_datadir/{mysql,test}
+    mkdir -p $datadir/{mysql,test}
    # Initiate databases
    %{_bindir}/mysql_install_db --rpm --user=%{mysqld_user}
  fi
  # Change permissions again to fix any new files.
-  chown -R %{mysqld_user}:%{mysqld_group} $mysql_datadir
+  chown -R %{mysqld_user}:%{mysqld_group} $datadir
  # Fix permissions for the permission database so that only the user
  # can read them.
-  chmod -R og-rw $mysql_datadir/mysql
+  chmod -R og-rw $datadir/mysql
 fi
 # install SELinux files - but don't override existing ones