Bug#18628 mysql-test-run: security problem(part1)

- Implement --secure-file-priv=<dir> option that limits
  "load_file", "LOAD DATA" and "SELECT .. INTO OUTFILE" to work 
  with files in specified dir.
 - Use above option for mysqld in mysql-test-run.pl 


mysql-test/mysql-test-run.pl:
  Add usage of --secure-file-priv=vardir when starting mysqld
mysql-test/r/loaddata.result:
  Update test result after adding test to check that secure-file-priv
  works for "load data" and "load_file"
mysql-test/r/outfile.result:
  Update result
mysql-test/r/query_cache.result:
  Can't load from outside of vardir anymore
mysql-test/r/type_blob.result:
  Can't load from outside of vardir anymore
mysql-test/t/loaddata.test:
  Update test result after adding test to check that secure-file-priv 
  works for "load data" and "load_file"
mysql-test/t/outfile.test:
  Update test result after adding test to check that secure-file-priv
  works for "SELECT .. INTO OUTFILE"
mysql-test/t/query_cache.test:
  Can't load from outside of vardir anymore
mysql-test/t/type_blob.test:
  Can't load from outside of vardir anymore
sql/item_strfunc.cc:
  Check that the path "load_file" uses for the file is within 
  what's specified with --secure-file-priv
sql/mysql_priv.h:
  Add secure_file_priv
sql/mysqld.cc:
  Add "--secure_file_priv"
sql/set_var.cc:
  Add variable "secure_file_priv" to "show variables"
sql/sql_class.cc:
  Check that the path "load_file" uses for the file is within 
  what's specified with --secure-file-priv
sql/sql_class.h:
  Fix spelling error
sql/sql_load.cc:
  Check that the path "load_file" uses for the file is within 
  what's specified with --secure-file-priv
sql/share/errmsg.txt:
  Fix swedish error message for ER_OPTION_PREVENTS_STATMENT wich was hardcoded
  to --skip-grant-tables

mysql-test/t/loaddata.test

@@ -110,6 +110,29 @@ truncate table t1;
 load data infile '../std_data_ln/rpl_loaddata.dat' into table t1 (@dummy,@n) set a= @n, c= (select str from t2 where num=@n);
 select * from t1;
 
+#
+# Bug#18628 mysql-test-run: security problem
+#
+# It should not be possible to load from a file outside of vardir
+
+--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+show variables like "secure_file_pri%";
+--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+select @@secure_file_priv;
+--error 1238
+set @@secure_file_priv= 0;
+
+# Test "load data"
+truncate table t1;
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
+--error 1290
+eval load data infile '$MYSQL_TEST_DIR/Makefile' into table t1;
+select * from t1;
+
+# Test "load_file" returns NULL
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
+eval select load_file("$MYSQL_TEST_DIR/Makefile");
+
 # cleanup
 drop table t1, t2;
 

mysql-test/t/outfile.test

@@ -84,3 +84,15 @@ FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'
 FROM schemata LIMIT 0, 5;
 enable_query_log;
 --exec rm $MYSQLTEST_VARDIR/tmp/outfile-test.4
+use test;
+
+#
+# Bug#18628 mysql-test-run: security problem
+#
+# It should not be possible to write to a file outside of vardir
+create table t1(a int);
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
+--error 1290
+eval select * into outfile "$MYSQL_TEST_DIR/outfile-test1" from t1;
+drop table t1;
+

mysql-test/t/query_cache.test

@@ -405,8 +405,8 @@ select * from t1 where id=2;
 create table t1 (word char(20) not null);
 select * from t1;
 show status like "Qcache_queries_in_cache";
---replace_result $MYSQL_TEST_DIR TEST_DIR
-eval load data infile '$MYSQL_TEST_DIR/std_data/words.dat' into table t1;
+--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+eval load data infile '$MYSQLTEST_VARDIR/std_data_ln/words.dat' into table t1;
 show status like "Qcache_queries_in_cache";
 select count(*) from t1;
 drop table t1;

mysql-test/t/type_blob.test

@@ -307,22 +307,21 @@ drop table t1;
 create table t1 (id integer auto_increment unique,imagem LONGBLOB not null default '');
 insert into t1 (id) values (1);
 # We have to clean up the path in the results for safe comparison
---replace_result $MYSQL_TEST_DIR ../..
-eval select 
-  charset(load_file('$MYSQL_TEST_DIR/std_data/words.dat')),
-  collation(load_file('$MYSQL_TEST_DIR/std_data/words.dat')),
-  coercibility(load_file('$MYSQL_TEST_DIR/std_data/words.dat'));
---replace_result $MYSQL_TEST_DIR ../..
-eval explain extended select 
-  charset(load_file('$MYSQL_TEST_DIR/std_data/words.dat')),
-  collation(load_file('$MYSQL_TEST_DIR/std_data/words.dat')),
-  coercibility(load_file('$MYSQL_TEST_DIR/std_data/words.dat'));
---replace_result $MYSQL_TEST_DIR ../..
-eval update t1 set imagem=load_file('$MYSQL_TEST_DIR/std_data/words.dat') where id=1;
+eval select
+  charset(load_file('../std_data_ln/words.dat')),
+  collation(load_file('../std_data_ln/words.dat')),
+  coercibility(load_file('../std_data_ln/words.dat'));
+--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+eval explain extended select
+  charset(load_file('$MYSQLTEST_VARDIR/std_data_ln/words.dat')),
+  collation(load_file('$MYSQLTEST_VARDIR/std_data_ln/words.dat')),
+  coercibility(load_file('$MYSQLTEST_VARDIR/std_data_ln/words.dat'));
+--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+eval update t1 set imagem=load_file('$MYSQLTEST_VARDIR/std_data_ln/words.dat') where id=1;
 select if(imagem is null, "ERROR", "OK"),length(imagem) from t1 where id = 1;
 drop table t1;
---replace_result $MYSQL_TEST_DIR ../..
-eval create table t1 select load_file('$MYSQL_TEST_DIR/std_data/words.dat') l;
+--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+eval create table t1 select load_file('$MYSQLTEST_VARDIR/std_data_ln/words.dat') l;
 # We mask out the Privileges column because it differs for embedded server
 --replace_column 8 #
 show full fields from t1;