Bug#50373 --secure-file-priv=""

Iterative patch improvement. Previously committed patch caused wrong result on Windows. The previous patch also broke secure_file_priv for symlinks since not all file paths which must be compared against this variable are normalized using the same norm. The server variable opt_secure_file_priv wasn't normalized properly and caused the operations LOAD DATA INFILE .. INTO TABLE .. and SELECT load_file(..) to do different interpretations of the --secure-file-priv option. The patch moves code to the server initialization routines so that the path always is normalized once and only once. It was also intended that setting the option to an empty string should be equal to lifting all previously set restrictions. This is also fixed by this patch.
2025-07-30 16:24:05 +03:00 · 2010-05-03 18:14:39 +02:00
parent 0f5afe5d7f
commit 5b6ebdf086
7 changed files with 64 additions and 25 deletions
--- a/sql/sql_class.cc
+++ b/sql/sql_class.cc
@ -1831,8 +1831,7 @@ static File create_file(THD *thd, char *path, sql_exchange *exchange,
  else
    (void) fn_format(path, exchange->file_name, mysql_real_data_home, "", option);

-  if (opt_secure_file_priv &&
-      strncmp(opt_secure_file_priv, path, strlen(opt_secure_file_priv)))
+  if (!is_secure_file_path(path))
  {
    /* Write only allowed to dir or subdir specified by secure_file_priv */
    my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");