database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE

Browse Source 
RENAME TABLE against a table with DATA/INDEX DIRECTORY overwrites
the file to which the symlink points.

This is security issue, because it is possible to create a table with
some name in some non-system database and set DATA/INDEX DIRECTORY
to mysql system database. Renaming this table to one of mysql system
tables (e.g. user, host) would overwrite the system table.

Return an error when the file to which the symlink points exist.
This commit is contained in:
svoj@mysql.com/june.mysql.com
2007-11-06 18:09:33 +04:00
parent 5cbe511f3b
commit d06e2f9223
3 changed files with 28 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
mysql-test/r/symlink.result
View File

@ -84,3 +84,9 @@ t1 CREATE TABLE `t1` (
`b` int(11) default NULL
) TYPE=MyISAM
drop table t1;
CREATE TABLE t1(a INT)
DATA DIRECTORY='TEST_DIR/var/master-data/mysql'
INDEX DIRECTORY='TEST_DIR/var/master-data/mysql';
RENAME TABLE t1 TO user;
Can't create/write to file 'TEST_DIR/var/master-data/mysql/user.MYI' (Errcode: 17)
DROP TABLE t1;