3678 Nirbhay Choubey 2011-04-29
Bug#11757855 - 49967: built-in libedit doesn't read
.editrc on linux.
MySQL client when build with libedit support ignores
.editrc at startup.
The reason for this regression was the incluison of a
safety check, issetugid(), which is not available on
some linux platforms.
Fixed by adding an equivalent check for platforms which
have get[e][u|g]id() set of functions.
@ cmd-line-utils/libedit/el.c
Bug#11757855 - 49967: built-in libedit doesn't read
.editrc on linux.
Added function calls to check user/group IDs on linux
systems which does not have issetugid() function.
@ configure.in
Bug#11757855 - 49967: built-in libedit doesn't read
.editrc on linux.
Added check for getuid, geteuid, getgid, getegid
functions.
modified:
cmd-line-utils/libedit/el.c
configure.in
3677 Bjorn Munch 2011-04-29 [merge]
merge from 5.1-mtr
modified:
mysql-test/lib/My/ConfigFactory.pm
mysql-test/lib/My/SafeProcess/safe_process.pl
mysql-test/mysql-test-run.pl
=== modified file 'cmd-line-utils/libedit/el.c'
--- a/cmd-line-utils/libedit/el.c 2009-06-11 16:21:32 +0000
+++ b/cmd-line-utils/libedit/el.c 2011-04-29 13:22:46 +0000
@@ -478,7 +478,13 @@ el_source(EditLine *el, const char *fnam
fp = NULL;
if (fname == NULL) {
-#ifdef HAVE_ISSETUGID
+/* XXXMYSQL: Bug#49967 */
+#if defined(HAVE_GETUID) && defined(HAVE_GETEUID) && \
+ defined(HAVE_GETGID) && defined(HAVE_GETEGID)
+#define HAVE_IDENTITY_FUNCS 1
+#endif
+
+#if (defined(HAVE_ISSETUGID) || defined(HAVE_IDENTITY_FUNCS))
static const char elpath[] = "/.editrc";
/* XXXMYSQL: Portability fix (for which platforms?) */
#ifdef MAXPATHLEN
@@ -486,9 +492,13 @@ el_source(EditLine *el, const char *fnam
#else
char path[4096];
#endif
-
+#ifdef HAVE_ISSETUGID
if (issetugid())
return (-1);
+#elif defined(HAVE_IDENTITY_FUNCS)
+ if (getuid() != geteuid() || getgid() != getegid())
+ return (-1);
+#endif
if ((ptr = getenv("HOME")) == NULL)
return (-1);
if (strlcpy(path, ptr, sizeof(path)) >= sizeof(path))
@@ -498,9 +508,10 @@ el_source(EditLine *el, const char *fnam
fname = path;
#else
/*
- * If issetugid() is missing, always return an error, in order
- * to keep from inadvertently opening up the user to a security
- * hole.
+ * If issetugid() or the above mentioned get[e][u|g]id()
+ * functions are missing, always return an error, in order
+ * to keep from inadvertently opening up the user to a
+ * security hole.
*/
return (-1);
#endif
=== modified file 'configure.in'
--- a/configure.in 2011-04-11 09:58:44 +0000
+++ b/configure.in 2011-04-29 13:22:46 +0000
@@ -1963,7 +1963,7 @@ AC_CHECK_HEADER(vis.h,
[AC_DEFINE([HAVE_VIS_H], [1],[Found vis.h and the strvis() function])])])
AC_CHECK_FUNCS(strlcat strlcpy)
-AC_CHECK_FUNCS(issetugid)
+AC_CHECK_FUNCS(issetugid getuid geteuid getgid getegid)
AC_CHECK_FUNCS(fgetln)
AC_CHECK_FUNCS(getline flockfile)
Attachment: [text/bzr-bundle] bzr/nirbhay.choubey@oracle.com-20110429132246-h4ocwark7szp8rcn.bundle
| Thread |
|---|
| • bzr push into mysql-5.1 branch (nirbhay.choubey:3677 to 3678) Bug#11757855 | Nirbhay Choubey | 30 Apr |
