Description: Using the temporary file vulnerability an
attacker can create a file with arbitrary content at a
location of his choice. This can be used to create the
file /var/lib/mysql/my.cnf, which will be read as a
configuration file by MySQL, because it is located in the
home directory of the mysql user. With this configuration
file, the attacker can specify his own plugin_dir variable,
which then allows him to load arbitrary code via
"INSTALL PLUGIN...".
Analysis: While creating the ".TMD" file we are not checking
whether the file already exists or not in the mi_repair() function.
And we are truncating the ".TMD" file if it exists and going ahead.
This is creating the security breach.
Fix: We need to use the O_EXCL flag along with O_RDWR and O_TRUNC,
which will make sure that if any user creates the ".TMD" file, the
repair table fails with a "cannot create ".TMD" file" error.
Actually we are initializing the "param.tmpfile_createflag" member
with O_RDWR | O_TRUNC | O_EXCL in myisamchk_init(). And we
are modifying it in ha_myisam::repair() to O_RDWR | O_TRUNC.
So, we need to remove the line which is modifying the
"param.tmpfile_createflag".
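
The effect of the flag change described in the commit message above, as an added example that is not part of the original commit or of the MySQL source. It creates a temporary file at a path where something already exists, once with each flag set. The scratch directory, file names and the function create_tmd_over_symlink() are constructed for illustration, and adding O_CREAT at the creation call is an assumption.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The two flag sets named in the commit message. */
#define FLAGS_BEFORE_FIX (O_RDWR | O_TRUNC)
#define FLAGS_AFTER_FIX  (O_RDWR | O_TRUNC | O_EXCL)

static const char VICTIM_DATA[] = "existing file contents\n"; /* constructed */

/* Pre-create "t1.TMD" as a symlink to a victim file (both constructed, in a
   private scratch directory), then create the temp file with create_flags.
   O_CREAT is added here on the assumption that the creation call adds it.
   Returns the victim's size afterwards (-1 on setup error); *open_errno gets
   errno from the open() under test, or 0 if it succeeded. */
long create_tmd_over_symlink(int create_flags, int *open_errno)
{
  char dir[] = "/tmp/tmd_demo_XXXXXX", victim[64], tmd[64];
  struct stat st;
  long size = -1;
  int fd;

  *open_errno = 0;
  if (!mkdtemp(dir)) return -1;
  snprintf(victim, sizeof victim, "%s/victim.txt", dir);
  snprintf(tmd, sizeof tmd, "%s/t1.TMD", dir);
  fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
  if (fd >= 0 && write(fd, VICTIM_DATA, strlen(VICTIM_DATA)) > 0 &&
      symlink(victim, tmd) == 0) {
    close(fd);
    fd = open(tmd, create_flags | O_CREAT, 0600);   /* call under test */
    *open_errno = fd < 0 ? errno : 0;
    if (stat(victim, &st) == 0) size = (long) st.st_size;
  }
  if (fd >= 0) close(fd);
  unlink(tmd); unlink(victim); rmdir(dir);
  return size;
}

int main(void)
{
  int e;
  long n = create_tmd_over_symlink(FLAGS_BEFORE_FIX, &e);
  printf("without O_EXCL: victim size %ld, errno %d\n", n, e);
  n = create_tmd_over_symlink(FLAGS_AFTER_FIX, &e);
  printf("with O_EXCL:    victim size %ld, errno %d (%s)\n", n, e, strerror(e));
  return 0;
}
```

Without O_EXCL the open succeeds and the pre-existing target is truncated; with O_EXCL the open fails with EEXIST and the target is untouched, which is the "cannot create" failure the fix relies on.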
"Table upgrade required..."
The row format is only different for the case where we have a very old MyISAM table with varchar fields, null fields and created with CHECKSUM=1
The table is usable, except that CHECKSUM TABLE will give a wrong result and CHECK TABLE will warn about this.
I added a test for this to warn when a table needs to be upgraded, but forgot to add a test that this was only relevant for tables with CHECKSUM=1
This is now fixed.
storage/myisam/ha_myisam.cc:
Fixed wrong test.
Copied relevant test cases and code from the MySQL 5.6 tree
Testing of my_use_symdir moved to engines.
mysql-test/r/partition_windows.result:
Updated result file
mysql-test/suite/archive/archive_no_symlink-master.opt:
Testing of symlinks with archive
mysql-test/suite/archive/archive_no_symlink.result:
Testing of symlinks with archive
mysql-test/suite/archive/archive_no_symlink.test:
Testing of symlinks with archive
mysql-test/suite/archive/archive_symlink.result:
Testing of symlinks with archive
mysql-test/suite/archive/archive_symlink.test:
Testing of symlinks with archive
sql/log_event.cc:
Updated comment
sql/partition_info.cc:
Don't test my_use_symdir here
sql/sql_parse.cc:
Updated comment
sql/sql_table.cc:
Don't test my_use_symdir here
sql/table.cc:
Added more DBUG_PRINT
storage/archive/ha_archive.cc:
Give warnings for index_file_name and if we can't use data directory
storage/myisam/ha_myisam.cc:
Give warnings if we can't use data directory or index directory
This is port of fix for MySQL BUG#17647863.
revno: 5572
revision-id: jon.hauglid@oracle.com-20131030232243-b0pw98oy72uka2sj
committer: Jon Olav Hauglid <jon.hauglid@oracle.com>
timestamp: Thu 2013-10-31 00:22:43 +0100
message:
Bug#17647863: MYSQL DOES NOT COMPILE ON OSX 10.9 GM
Rename test() macro to MY_TEST() to avoid conflict with libc++.
Cleanups:
* remove unused HA_EXTRA_EXPORT (can be added later if needed, e.g. for Aria)
* clarify the meaning of HA_CAN_EXPORT
* make all engines that support EXPORT to announce it
* reduce code duplication
mysql_upgrade --help now also prints out --default options and variable values.
mysql_upgrade now prints permission errors.
mysql_upgrade doesn't print some non essential info if --silent is used.
Added handler error message about incompatible versions
Fixed that mysqlbug and mysql_install_db have the executable flag set.
Removed executable flag for some non executable files.
Changed in mysql_install_db askmonty.org to mariadb.com.
Ensured that all client executables prints --default options the same way.
Allow REPAIR ... USE_FRM for old .frm files if they are still compatible.
Extended shown error for storage engine messages.
client/mysql.cc:
print_defaults() should be first (as in all other programs)
client/mysql_upgrade.c:
--help now also prints out --default options and variable values
Print out error if wrong permissions
Don't print info if --silent
client/mysqladmin.cc:
print_defaults() should be first (as in all other programs)
client/mysqlbinlog.cc:
Added print_defaults() to --help
client/mysqlcheck.c:
Added empty line in --help
client/mysqlimport.c:
Added empty line in --help
client/mysqlshow.c:
Made --help compatible
client/mysqlslap.c:
Made --help compatible
client/mysqltest.cc:
Added print_defaults() to --help
include/handler_ername.h:
Added handler error message
include/my_base.h:
Added handler error message
mysql-test/r/mysql_upgrade.result:
Updated results
mysql-test/r/repair.result:
Added test case for better error messages
mysql-test/std_data/host_old.MYD:
Added test case for better error messages
mysql-test/std_data/host_old.MYI:
Added test case for better error messages
mysql-test/std_data/host_old.frm:
Added test case for better error messages
mysql-test/t/repair.test:
Added test case for better error messages
mysys/my_handler_errors.h:
Added handler error message
scripts/CMakeLists.txt:
Fixed that mysqlbug and mysql_install_db have the executable flag set
scripts/mysql_install_db.sh:
askmonty.org -> mariadb.com
sql/ha_partition.cc:
Sometimes table_type() can be called for errors even if partition didn't manage to open any files
sql/handler.cc:
Write clear text for not handled, but defined error messages.
sql/share/errmsg-utf8.txt:
Extended shown error for storage engine messages
sql/sql_admin.cc:
Allow REPAIR ... USE_FRM for old .frm files if they are still compatible
storage/myisam/ha_myisam.cc:
Use new error message
* update results
* don't force HA_CREATE_DELAY_KEY_WRITE on all temp tables,
(bad for CREATE ... LIKE) instead imply it in myisam/aria
* restore HA_ERR_TABLE_DEF_CHANGED in archive
* increase the default number of rwlock classes in P_S to fit all our rwlocks
includes:
* remove some remnants of "Bug#14521864: MYSQL 5.1 TO 5.5 BUGS PARTITIONING"
* introduce LOCK_share, now LOCK_ha_data is strictly for engines
* rea_create_table() always creates .par file (even in "frm-only" mode)
* fix a 5.6 bug, temp file leak on dummy ALTER TABLE
Backport the fix olav.sandstaa@sun.com-20101102184747-qfuntqwj021imy9r:
"Fix for Bug#52660 Perf. regr. using ICP for MyISAM on range queries on an index containing TEXT"
(together with further fixes in that code) into MyISAM and Aria.
Includes 5.6 changesets for:
*****
Fix for BUG#13489996 valgrind:conditional jump or move depends on uninitialised values-field_blob.
blob_ptr_size was not initialized properly: remove this variable.
*****
Bug#14021323 CRASH IN FIELD::SET_NULL WHEN INSERTING ROWS TO NEW TABLE
*****
mysql-test/include/wait_show_condition.inc:
Print failing statement if timeout
mysql-test/r/myisam-metadata.result:
Updated DBUG_SYNC
mysql-test/t/myisam-metadata.test:
Updated DBUG_SYNC.
Removed wait_show_condition, as this is not needed when we use DBUG_SYNC
This should fix timing issues with the test
mysys/thr_mutex.c:
Added comments
sql/sql_acl.cc:
atoi -> atoll() (Safety)
storage/myisam/ha_myisam.cc:
Send signal before mi_repair_by_sort.
Fixed some cases that didn't work with > 4G buffers.
Fixed compiler warnings
include/mysql_com.h:
Avoid compiler warning with strncmp()
sql-common/client.c:
Fixed long comment; Added ()
sql/filesort.cc:
Fix code to get filesort to work with big buffers
sql/sys_vars.cc:
Fixed some cache variables that could be set to higher value than the size_t
Limit query cache to ULONG_MAX as the query cache buffer variables are ulong
storage/federatedx/ha_federatedx.cc:
Remove not used variable
storage/maria/ha_maria.cc:
Fix that bulk_insert() works with big buffers
storage/maria/ma_write.c:
Fix that bulk_insert() works with big buffers
storage/myisam/ha_myisam.cc:
Fix that bulk_insert() works with big buffers
storage/myisam/mi_write.c:
Fix that bulk_insert() works with big buffers
storage/sphinx/snippets_udf.cc:
Fixed compiler warnings
- If one specifies --force twice to myisamchk and aria_chk, then we will try to finish the repair even if sort_buffer would be too small.
This was done by dynamically allocating buffer handler objects as long as memory lasts.
- New option for myisamchk and aria_chk: create-missing-keys
- Changed default size of myisam_sort_buffer_size from 8M to 128M.
- Changed default size of sort_buffer_size in aria_chk from 128M to 256M.
- Increased information in error message about 'sort_buffer_size' being too small.
- Print also to 'show warnings' if repair was retried.
- Increased size of internal sort-buffer-readers from 16K to 128K
- Changed printing of 'number of records' to use %ll instead of casting to long
- Changed buffer sizes for myisam and aria to use MY_ALIGN_DOWN() to get same number of bytes allocated on different machines.
include/my_global.h:
Added MY_ALIGN_DOWN() to get previous alignment (for big memory areas)
include/myisam.h:
Increased size of types to be able to handle more records
include/myisamchk.h:
Increased size of types to be able to handle more records
Added T_FORCE_SORT_MEMORY to force repair to work even if sort_buffer would not be big enough
mysql-test/r/myisam.result:
Updated result
mysql-test/r/mysqld--help.result:
Updated result
mysql-test/r/repair.result:
Updated result
mysql-test/suite/maria/maria.result:
Added test cases for some fixed bugs in MyISAM to verify that Aria doesn't have them too.
mysql-test/suite/maria/maria.test:
Added test cases for some fixed bugs in MyISAM to verify that Aria doesn't have them too.
mysql-test/suite/maria/maria3.result:
Updated result after sort buffer size increase
mysql-test/suite/sys_vars/r/aria_sort_buffer_size_basic.result:
Updated result after sort buffer size increase
mysql-test/suite/sys_vars/r/myisam_sort_buffer_size_basic.result:
Updated result after sort buffer size increase
mysql-test/suite/sys_vars/t/myisam_sort_buffer_size_basic.test:
Updated result after sort buffer size increase
mysql-test/t/myisam.test:
Fixed error messages to not print system specific data
mysql-test/t/repair.test:
Fixed error messages to not print system specific data
storage/maria/ha_maria.cc:
Print also to 'show warnings' if repair was retried
Changed default size of sort_buffer_size from 128M to 256M (same as in mysqld)
storage/maria/ma_check.c:
Renamed USE_BUFFER_INIT -> PAGE_BUFFER_INIT
storage/maria/ma_sort.c:
Increased size of internal sort-buffer-readers from 16K to 128K
Increased size of types to be able to handle more records
Added support for T_FORCE_SORT_MEMORY
Don't allocate too many extra BUFFPEK at a time (they are probably not needed)
Improved error message for "sort_buffer_size is too small"
Changed printing of 'number of records' to use %ll instead of casting to long
Fixed bug where maria_update_key_parts() was called too early.
Fixed bug in detecting result from read_to_buffer().
Added 'out of memory' checking when calling 'alloc_dynamic()'.
storage/maria/maria_chk.c:
Added --create-missing-keys
If one specifies --force twice then we will try to finish the repair even if sort_buffer would be too small.
check_param.sort_buffer_length variable was used with wrong type.
storage/maria/maria_def.h:
Increased size of types to be able to handle more records
Use MY_ALIGN_DOWN() to get same number of bytes allocated on different machines
Renamed USE_BUFFER_INIT -> PAGE_BUFFER_INIT
storage/maria/maria_ftdump.c:
Renamed USE_BUFFER_INIT -> PAGE_BUFFER_INIT
storage/maria/maria_read_log.c:
Use PAGE_BUFFER_INIT for page cache
storage/myisam/ha_myisam.cc:
Changed default size of myisam_sort_buffer_size from 8M to 128M
storage/myisam/mi_check.c:
Renamed USE_BUFFER_INIT -> KEY_BUFFER_INIT
storage/myisam/myisam_ftdump.c:
Renamed USE_BUFFER_INIT -> KEY_BUFFER_INIT
storage/myisam/myisamchk.c:
Added --create-missing-keys
If one specifies --force twice then we will try to finish the repair even if sort_buffer would be too small.
check_param.sort_buffer_length variable was used with wrong type.
Renamed USE_BUFFER_INIT -> KEY_BUFFER_INIT
storage/myisam/myisamdef.h:
Increased SORT_BUFFER_INIT to 64M
(speeds up repair a lot and most machines have nowadays a lot of memory)
Use MY_ALIGN_DOWN() to get same number of bytes allocated on different machines
Renamed USE_BUFFER_INIT -> KEY_BUFFER_INIT
storage/myisam/sort.c:
Increased size of internal sort-buffer-readers from 16K to 128K
Increased size of types to be able to handle more records
Added support for T_FORCE_SORT_MEMORY
Don't allocate too many extra BUFFPEK at a time (they are probably not needed)
Improved error message for "sort_buffer_size is too small"
Changed printing of 'number of records' to use %ll instead of casting to long
Fixed bug in detecting result from read_to_buffer().
Added 'out of memory' checking when calling 'alloc_dynamic()'.
The patch lifts the limitation of the current implementation
of ALTER TABLE that does not allow to build unique/primary
indexes by sort for MyISAM and Aria engines.
Generalized support for auto-updated and/or auto-initialized timestamp
and datetime columns. This patch is a reimplementation of MySQL's
"WL#5874: CURRENT_TIMESTAMP as DEFAULT for DATETIME columns". In order to
ease future merges, this implementation reused a few function and variable
names from MySQL's patch, however the implementation is quite different.
TODO:
The only unresolved problem in this patch is the semantics of LOAD DATA for
TIMESTAMP and DATETIME columns in the cases when there are missing or NULL
columns. I couldn't fully comprehend the logic behind MySQL's behavior and
its relationship with their own documentation, so I left the results to be
more consistent with all other LOAD cases.
The problematic test cases can be seen by running the test file function_defaults,
and observing the test case differences. Those were left on purpose for discussion.
- index_merge/intersection is unable to work on GIS indexes, because:
1. index scans have no Rowid-Ordered-Retrieval property
2. When one does an index-only read over a GIS index, they do not
get the index tuple, because index only contains bounding box of the geometry.
This is why key_copy() call crashed.
This patch fixes #1, which makes the problem go away. Theoretically, it would
be nice to check #2, too, but SE API semantics is not sufficiently precise to do it.