database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-31 22:22:30 +03:00
Code Activity

BUG#28341 - Security issue still in library loading

Browse Source 
UDF can be created from any library in any part of the server
LD_LIBRARY_PATH.

Allow to load udfs only from plugin_dir.
On windows, refuse to open udf in case it's path contains a slash.

No good test case for this bug because of imperfect error message
that includes error code and error string when it fails to dlopen a
library.


mysql-test/mysql-test-run.pl:
  Since plugins are allowed to be open only from plugin_dir:
  - there is no sence to update LD_LIBRARY_PATH
  - there is no sence to add plugin_dir arg by default
  - set UDF_EXAMPLE_LIB_OPT and EXAMPLE_PLUGIN_OPT to be used by
    udf and plugin tests accordingly.
mysql-test/r/plugin.result:
  Updated test result (we report addition warning).
sql/sql_udf.cc:
  Allow to load udfs only from plugin_dir.
  On windows, refuse to open udf in case it's path contains a slash.
mysql-test/t/plugin-master.opt:
  New BitKeeper file ``mysql-test/t/plugin-master.opt''
mysql-test/t/udf-master.opt:
  New BitKeeper file ``mysql-test/t/udf-master.opt''
This commit is contained in:
unknown
2007-05-18 16:23:46 +05:00
parent 0ea67375ef
commit 7839da601c
5 changed files with 30 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
mysql-test/mysql-test-run.pl
View File

@@ -1766,22 +1766,6 @@ sub environment_setup () {
push(@ld_library_paths, "$glob_basedir/storage/ndb/src/.libs");
}
# --------------------------------------------------------------------------
# Add the path where mysqld will find udf_example.so
# --------------------------------------------------------------------------
if ( $lib_udf_example )
{
push(@ld_library_paths, dirname($lib_udf_example));
}
# --------------------------------------------------------------------------
# Add the path where mysqld will find ha_example.so
# --------------------------------------------------------------------------
if ( $lib_example_plugin )
{
push(@ld_library_paths, dirname($lib_example_plugin));
}
# --------------------------------------------------------------------------
# Valgrind need to be run with debug libraries otherwise it's almost
# impossible to add correct supressions, that means if "/usr/lib/debug"
@@ -2060,12 +2044,16 @@ sub environment_setup () {
# ----------------------------------------------------
$ENV{'UDF_EXAMPLE_LIB'}=
($lib_udf_example ? basename($lib_udf_example) : "");
$ENV{'UDF_EXAMPLE_LIB_OPT'}=
($lib_udf_example ? "--plugin_dir=" . dirname($lib_udf_example) : "");
# ----------------------------------------------------
# Add the path where mysqld will find ha_example.so
# ----------------------------------------------------
$ENV{'EXAMPLE_PLUGIN'}=
($lib_example_plugin ? basename($lib_example_plugin) : "");
$ENV{'EXAMPLE_PLUGIN_OPT'}=
($lib_example_plugin ? "--plugin_dir=" . dirname($lib_example_plugin) : "");
# ----------------------------------------------------
# We are nice and report a bit about our settings
@@ -3821,9 +3809,6 @@ sub mysqld_arguments ($$$$) {
mtr_add_arg($args, "%s--ndb-extra-logging", $prefix);
}
}
mtr_add_arg($args, "%s--plugin_dir=%s", $prefix,
dirname($lib_example_plugin));
}
else
{