database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-01-06 05:22:24 +03:00
Code Activity

Bug#18628 mysql-test-run: security problem(part1)

Browse Source 
- Implement --secure-file-priv=<dir> option that limits
  "load_file", "LOAD DATA" and "SELECT .. INTO OUTFILE" to work 
  with files in specified dir.
 - Use above option for mysqld in mysql-test-run.pl
This commit is contained in:
msvensson@pilot.mysql.com
2007-02-14 14:44:34 +01:00
parent d1a7949297
commit 45fe5879f4
17 changed files with 135 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
sql/sql_load.cc
View File

@@ -302,6 +302,15 @@ bool mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list,
if ((stat_info.st_mode & S_IFIFO) == S_IFIFO)
is_fifo = 1;
#endif
if (opt_secure_file_priv &&
strncmp(opt_secure_file_priv, name, strlen(opt_secure_file_priv)))
{
/* Read only allowed from within dir specified by secure_file_priv */
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
DBUG_RETURN(TRUE);
}
}
if ((file=my_open(name,O_RDONLY,MYF(MY_WME))) < 0)
DBUG_RETURN(TRUE);