4201 Nirbhay Choubey 2012-08-30
Bug #14513708 .MYLOGIN.CNF SHOULD BE IGNORED IF ITS
NOT EXCLUSIVELY READ/WRITABLE BY CURR. USER
In the option handling system, the file permissions
for login file were being checked like other option
files.
Added a check separately for login file to make sure
that it gets ignored if its not exclusively readable/
writable by current user. Also moved the permissions-
checking code to a new function.
Manually tested.
modified:
client/mysql_config_editor.cc
mysys_ssl/my_default.cc
4200 Vasil Dimov 2012-08-30
Backport WL#6347 InnoDB: Index level compression stats
from mysql-trunk into mysql-5.6
added:
mysql-test/suite/innodb/include/innodb_create_tab_indx.inc
mysql-test/suite/innodb/include/innodb_fectch_records.inc
mysql-test/suite/innodb/include/innodb_load_data.inc
mysql-test/suite/innodb/include/innodb_stats_comp_index.inc
mysql-test/suite/innodb/include/innodb_stats_restart.inc
mysql-test/suite/innodb/r/innodb_cmp_per_index.result
mysql-test/suite/innodb/r/innodb_wl6347_comp_indx_stat.result
mysql-test/suite/innodb/t/innodb_cmp_per_index.test
mysql-test/suite/innodb/t/innodb_wl6347_comp_indx_stat.test
mysql-test/suite/sys_vars/r/innodb_cmp_per_index_enabled_basic.result
mysql-test/suite/sys_vars/t/innodb_cmp_per_index_enabled_basic.test
modified:
mysql-test/r/information_schema.result
mysql-test/r/mysqlshow.result
storage/innobase/handler/ha_innodb.cc
storage/innobase/handler/i_s.cc
storage/innobase/handler/i_s.h
storage/innobase/include/page0types.h
storage/innobase/include/page0zip.h
storage/innobase/include/page0zip.ic
storage/innobase/include/srv0srv.h
storage/innobase/page/page0zip.cc
storage/innobase/srv/srv0srv.cc
=== modified file 'client/mysql_config_editor.cc'
--- a/client/mysql_config_editor.cc 2012-07-13 14:28:34 +0000
+++ b/client/mysql_config_editor.cc 2012-08-30 18:29:28 +0000
@@ -366,7 +366,6 @@ static my_bool check_and_create_login_fi
const int access_flag= (O_RDWR | O_BINARY);
const ushort create_mode= (S_IRUSR | S_IWUSR );
- const ushort create_mode_all= (S_IRWXU | S_IRWXG | S_IRWXO);
/* Get the login file name. */
if (! my_default_get_login_file(my_login_file, sizeof(my_login_file)))
@@ -418,7 +417,7 @@ static my_bool check_and_create_login_fi
#ifdef _WIN32
if (1)
#else
- if (!(create_mode ^ (stat_info.st_mode & create_mode_all)))
+ if (!(stat_info.st_mode & (S_IXUSR | S_IRWXG | S_IRWXO)))
#endif
{
verbose_msg("File has the required permission.\nOpening the file.\n");
=== modified file 'mysys_ssl/my_default.cc'
--- a/mysys_ssl/my_default.cc 2012-08-03 17:38:02 +0000
+++ b/mysys_ssl/my_default.cc 2012-08-30 18:29:28 +0000
@@ -155,6 +155,7 @@ static int search_default_file_with_ext(
const char *dir, const char *ext,
const char *config_file, int recursion_level);
static my_bool mysql_file_getline(char *str, int size, MYSQL_FILE *file);
+static int check_file_permissions(const char *file_name);
/**
@@ -861,7 +862,7 @@ static int search_default_file_with_ext(
MYSQL_FILE *fp;
uint line=0;
my_bool found_group=0;
- uint i;
+ uint i, rc;
MY_DIR *search_dir;
FILEINFO *search_file;
@@ -879,25 +880,10 @@ static int search_default_file_with_ext(
strmov(name,config_file);
}
fn_format(name,name,"","",4);
-#if !defined(__WIN__)
- {
- MY_STAT stat_info;
- if (!my_stat(name,&stat_info,MYF(0)))
- return 1;
- /*
- Ignore world-writable regular files.
- This is mainly done to protect us to not read a file created by
- the mysqld server, but the check is still valid in most context.
- */
- if ((stat_info.st_mode & S_IWOTH) &&
- (stat_info.st_mode & S_IFMT) == S_IFREG)
- {
- fprintf(stderr, "Warning: World-writable config file '%s' is ignored\n",
- name);
- return 0;
- }
- }
-#endif
+
+ if ((rc= check_file_permissions(name)) < 2)
+ return (int) rc;
+
if (is_login_file)
{
if ( !(fp = mysql_file_fopen(key_file_cnf, name, (O_RDONLY | O_BINARY),
@@ -1464,3 +1450,48 @@ int my_default_get_login_file(char *file
return 1;
}
+
+/**
+ Check file permissions of the option file.
+
+ @param file_name [in] Name of the option file.
+
+ @return 0 - Non-allowable file permissions.
+ 1 - Failed to stat.
+ 2 - Success.
+*/
+static int check_file_permissions(const char *file_name)
+{
+#if !defined(__WIN__)
+ MY_STAT stat_info;
+
+ if (!my_stat(file_name,&stat_info,MYF(0)))
+ return 1;
+ /*
+ Ignore .mylogin.cnf file if not exclusively readable/writable
+ by current user.
+ */
+ if (is_login_file && (stat_info.st_mode & (S_IXUSR | S_IRWXG | S_IRWXO))
+ && (stat_info.st_mode & S_IFMT) == S_IFREG)
+ {
+ fprintf(stderr, "Warning: %s should be readable/writable only by "
+ "current user.\n", file_name);
+ return 0;
+ }
+ /*
+ Ignore world-writable regular files.
+ This is mainly done to protect us to not read a file created by
+ the mysqld server, but the check is still valid in most context.
+ */
+ else if ((stat_info.st_mode & S_IWOTH) &&
+ (stat_info.st_mode & S_IFMT) == S_IFREG)
+
+ {
+ fprintf(stderr, "Warning: World-writable config file '%s' is ignored\n",
+ file_name);
+ return 0;
+ }
+#endif
+ return 2; /* Success */
+}
+
No bundle (reason: useless for push emails).
| Thread |
|---|
| • bzr push into mysql-5.6 branch (nirbhay.choubey:4200 to 4201) Bug#14513708 | Nirbhay Choubey | 30 Aug |
