database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-01-06 05:22:24 +03:00
Code Activity

Bug#18628 mysql-test-run: security problem(part1)

Browse Source 
- Implement --secure-file-priv=<dir> option that limits
  "load_file", "LOAD DATA" and "SELECT .. INTO OUTFILE" to work 
  with files in specified dir.
 - Use above option for mysqld in mysql-test-run.pl 


mysql-test/mysql-test-run.pl:
  Add usage of --secure-file-priv=vardir when starting mysqld
mysql-test/r/loaddata.result:
  Update test result after adding test to check that secure-file-priv
  works for "load data" and "load_file"
mysql-test/r/outfile.result:
  Update result
mysql-test/r/query_cache.result:
  Can't load from outside of vardir anymore
mysql-test/r/type_blob.result:
  Can't load from outside of vardir anymore
mysql-test/t/loaddata.test:
  Update test result after adding test to check that secure-file-priv 
  works for "load data" and "load_file"
mysql-test/t/outfile.test:
  Update test result after adding test to check that secure-file-priv
  works for "SELECT .. INTO OUTFILE"
mysql-test/t/query_cache.test:
  Can't load from outside of vardir anymore
mysql-test/t/type_blob.test:
  Can't load from outside of vardir anymore
sql/item_strfunc.cc:
  Check that the path "load_file" uses for the file is within 
  what's specified with --secure-file-priv
sql/mysql_priv.h:
  Add secure_file_priv
sql/mysqld.cc:
  Add "--secure_file_priv"
sql/set_var.cc:
  Add variable "secure_file_priv" to "show variables"
sql/sql_class.cc:
  Check that the path "load_file" uses for the file is within 
  what's specified with --secure-file-priv
sql/sql_class.h:
  Fix spelling error
sql/sql_load.cc:
  Check that the path "load_file" uses for the file is within 
  what's specified with --secure-file-priv
sql/share/errmsg.txt:
  Fix swedish error message for ER_OPTION_PREVENTS_STATMENT wich was hardcoded
  to --skip-grant-tables
This commit is contained in:
unknown
2007-02-14 14:44:34 +01:00
parent e04d001004
commit c4ae01e6f0
17 changed files with 135 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mysql-test/r/query_cache.result
View File

@@ -622,7 +622,7 @@ word
show status like "Qcache_queries_in_cache";
Variable_name Value
Qcache_queries_in_cache 1
load data infile 'TEST_DIR/std_data/words.dat' into table t1;
load data infile 'MYSQLTEST_VARDIR/std_data_ln/words.dat' into table t1;
show status like "Qcache_queries_in_cache";
Variable_name Value
Qcache_queries_in_cache 0