	"load data infile .." allowed for access to unauthorized tables. Due to a faulty if-statement it was possible to circumvent the secure_file_priv restriction. mysql-test/mysql-test-run.pl: * Add SECURE_LOAD_PATH environment variable to mtr test cases. mysql-test/suite/sys_vars/r/secure_file_priv2.result: * add test for bug58747 mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt: * add test for bug58747 mysql-test/suite/sys_vars/t/secure_file_priv2.test: * add test for bug58747 sql/sql_load.cc: * Correct faulty if-statement * fix indentation * move my_stat() block to after is_secure_file_path() check.
		
			
				
	
	
		
		
	
	
	
	
	
#
# Bug58747 breaks secure_file_priv+not secure yet+still accesses other folders
#
# Regression test: LOAD DATA INFILE must be refused with
# ER_OPTION_PREVENTS_STATEMENT when the requested file lies outside the
# directory permitted by secure_file_priv.
# NOTE(review): this relies on the server being started with a
# secure_file_priv value that excludes both paths used below -- confirm
# against secure_file_priv2-master.opt.
#
CREATE TABLE t1 (c1 INT);
#
# Case 1: relative path.
# NOTE(review): "t1.MYI" is presumably the index file that backs t1 in the
# database directory, which assumes t1 is created as MyISAM -- confirm.
#
# Before the patch this statement failed with
# Linux:
#  -> errno 13: 'Can't get stat of '
# Windows:
#  -> Warning 1366 Incorrect integer value: '■■☺' for
#  ->              column 'c1' at row 1
# Both outcomes suggest the server touched the file (stat on Linux, apparently
# a read of its contents on Windows) before enforcing the restriction.
# Now it should consistently fail with ER_OPTION_PREVENTS_STATEMENT
# on all platforms.
--error ER_OPTION_PREVENTS_STATEMENT
LOAD DATA INFILE "t1.MYI" into table t1;

#
# Case 2: absolute path.
# The following test makes the assumption that /test isn't a valid path in any
# operating system running the test suite.
# Expecting ER_OPTION_PREVENTS_STATEMENT for a path that does not exist shows
# that the secure_file_priv check rejects the statement, rather than a failed
# file lookup.
--error ER_OPTION_PREVENTS_STATEMENT
LOAD DATA INFILE "/test" into table t1;

DROP TABLE t1;