database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-01-06 05:22:24 +03:00
Code Activity

Bug#18628 mysql-test-run: security problem(part1)

Browse Source 
- Implement --secure-file-priv=<dir> option that limits
  "load_file", "LOAD DATA" and "SELECT .. INTO OUTFILE" to work 
  with files in specified dir.
 - Use above option for mysqld in mysql-test-run.pl
This commit is contained in:
msvensson@pilot.mysql.com
2007-02-14 14:44:34 +01:00
parent d1a7949297
commit 45fe5879f4
17 changed files with 135 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
mysql-test/r/loaddata.result
View File

@@ -139,4 +139,20 @@ select * from t1;
a b c
10 NULL Ten
15 NULL Fifteen
show variables like "secure_file_pri%";
Variable_name Value
secure_file_priv MYSQLTEST_VARDIR/
select @@secure_file_priv;
@@secure_file_priv
MYSQLTEST_VARDIR/
set @@secure_file_priv= 0;
ERROR HY000: Variable 'secure_file_priv' is a read only variable
truncate table t1;
load data infile 'MYSQL_TEST_DIR/Makefile' into table t1;
ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
select * from t1;
a b c
select load_file("MYSQL_TEST_DIR/Makefile");
load_file("MYSQL_TEST_DIR/Makefile")
NULL
drop table t1, t2;