
Bug#18628 mysql-test-run: security problem(part1)

- Implement --secure-file-priv=<dir> option that limits
  "load_file", "LOAD DATA" and "SELECT .. INTO OUTFILE" to work 
  with files in specified dir.
 - Use above option for mysqld in mysql-test-run.pl 


mysql-test/mysql-test-run.pl:
  Add usage of --secure-file-priv=vardir when starting mysqld
mysql-test/r/loaddata.result:
  Update test result after adding test to check that secure-file-priv
  works for "load data" and "load_file"
mysql-test/r/outfile.result:
  Update result
mysql-test/r/query_cache.result:
  Can't load from outside of vardir anymore
mysql-test/r/type_blob.result:
  Can't load from outside of vardir anymore
mysql-test/t/loaddata.test:
  Update test result after adding test to check that secure-file-priv 
  works for "load data" and "load_file"
mysql-test/t/outfile.test:
  Update test result after adding test to check that secure-file-priv
  works for "SELECT .. INTO OUTFILE"
mysql-test/t/query_cache.test:
  Can't load from outside of vardir anymore
mysql-test/t/type_blob.test:
  Can't load from outside of vardir anymore
sql/item_strfunc.cc:
  Check that the path "load_file" uses for the file is within 
  what's specified with --secure-file-priv
sql/mysql_priv.h:
  Add secure_file_priv
sql/mysqld.cc:
  Add "--secure_file_priv"
sql/set_var.cc:
  Add variable "secure_file_priv" to "show variables"
sql/sql_class.cc:
  Check that the path "load_file" uses for the file is within 
  what's specified with --secure-file-priv
sql/sql_class.h:
  Fix spelling error
sql/sql_load.cc:
  Check that the path "load_file" uses for the file is within 
  what's specified with --secure-file-priv
sql/share/errmsg.txt:
  Fix the Swedish error message for ER_OPTION_PREVENTS_STATEMENT, which was
  hardcoded to --skip-grant-tables
unknown
2007-02-14 14:44:34 +01:00
parent e04d001004
commit c4ae01e6f0
17 changed files with 135 additions and 34 deletions


@ -302,6 +302,15 @@ bool mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list,
if ((stat_info.st_mode & S_IFIFO) == S_IFIFO)
is_fifo = 1;
#endif
if (opt_secure_file_priv &&
strncmp(opt_secure_file_priv, name, strlen(opt_secure_file_priv)))
{
/* Read only allowed from within dir specified by secure_file_priv */
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
DBUG_RETURN(TRUE);
}
}
if ((file=my_open(name,O_RDONLY,MYF(MY_WME))) < 0)
DBUG_RETURN(TRUE);
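Review bot: The added `strncmp(opt_secure_file_priv, name, strlen(opt_secure_file_priv))` test is a plain string-prefix match, so it does not stop at a path-component boundary: if the configured directory has no trailing separator, a sibling path that merely begins with the same characters also passes. Nothing visible in the hunk shows `name` being canonicalized, so `..` components or symlinks below the directory may still resolve outside it; this may be handled earlier in mysql_load, whose body starts and ends outside the hunk. I would normalize the option once at startup so that it always ends in `FN_LIBCHAR`, compare it against the resolved path of `name`, and document the assumption at the check, e.g. `/* prefix match: relies on opt_secure_file_priv ending in a separator and name being canonical */`. The commit message lists the same check for sql/item_strfunc.cc and sql/sql_class.cc, so the point presumably applies there too.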