From: Nirbhay Choubey Date: August 30 2012 6:37pm Subject: bzr push into mysql-5.6 branch (nirbhay.choubey:4200 to 4201) Bug#14513708 List-Archive: http://lists.mysql.com/commits/144665 X-Bug: 14513708 Message-Id: <20120830183725.3244.39610.4201@Nirbhay-lenovo> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit 4201 Nirbhay Choubey 2012-08-30 Bug #14513708 .MYLOGIN.CNF SHOULD BE IGNORED IF ITS NOT EXCLUSIVELY READ/WRITABLE BY CURR. USER In the option handling system, the file permissions for login file were being checked like other option files. Added a check separately for login file to make sure that it gets ignored if its not exclusively readable/ writable by current user. Also moved the permissions- checking code to a new function. Manually tested. modified: client/mysql_config_editor.cc mysys_ssl/my_default.cc 4200 Vasil Dimov 2012-08-30 Backport WL#6347 InnoDB: Index level compression stats from mysql-trunk into mysql-5.6 added: mysql-test/suite/innodb/include/innodb_create_tab_indx.inc mysql-test/suite/innodb/include/innodb_fectch_records.inc mysql-test/suite/innodb/include/innodb_load_data.inc mysql-test/suite/innodb/include/innodb_stats_comp_index.inc mysql-test/suite/innodb/include/innodb_stats_restart.inc mysql-test/suite/innodb/r/innodb_cmp_per_index.result mysql-test/suite/innodb/r/innodb_wl6347_comp_indx_stat.result mysql-test/suite/innodb/t/innodb_cmp_per_index.test mysql-test/suite/innodb/t/innodb_wl6347_comp_indx_stat.test mysql-test/suite/sys_vars/r/innodb_cmp_per_index_enabled_basic.result mysql-test/suite/sys_vars/t/innodb_cmp_per_index_enabled_basic.test modified: mysql-test/r/information_schema.result mysql-test/r/mysqlshow.result storage/innobase/handler/ha_innodb.cc storage/innobase/handler/i_s.cc storage/innobase/handler/i_s.h storage/innobase/include/page0types.h storage/innobase/include/page0zip.h storage/innobase/include/page0zip.ic storage/innobase/include/srv0srv.h 
storage/innobase/page/page0zip.cc storage/innobase/srv/srv0srv.cc
=== modified file 'client/mysql_config_editor.cc'
--- a/client/mysql_config_editor.cc 2012-07-13 14:28:34 +0000
+++ b/client/mysql_config_editor.cc 2012-08-30 18:29:28 +0000
@@ -366,7 +366,6 @@ static my_bool check_and_create_login_fi
 const int access_flag= (O_RDWR | O_BINARY);
 const ushort create_mode= (S_IRUSR | S_IWUSR );
- const ushort create_mode_all= (S_IRWXU | S_IRWXG | S_IRWXO);
 /* Get the login file name. */
 if (! my_default_get_login_file(my_login_file, sizeof(my_login_file)))
@@ -418,7 +417,7 @@ static my_bool check_and_create_login_fi
 #ifdef _WIN32
 if (1)
 #else
- if (!(create_mode ^ (stat_info.st_mode & create_mode_all)))
+ if (!(stat_info.st_mode & (S_IXUSR | S_IRWXG | S_IRWXO)))
 #endif
 {
 verbose_msg("File has the required permission.\nOpening the file.\n");
=== modified file 'mysys_ssl/my_default.cc'
--- a/mysys_ssl/my_default.cc 2012-08-03 17:38:02 +0000
+++ b/mysys_ssl/my_default.cc 2012-08-30 18:29:28 +0000
@@ -155,6 +155,7 @@ static int search_default_file_with_ext(
 const char *dir, const char *ext, const char *config_file, int recursion_level);
 static my_bool mysql_file_getline(char *str, int size, MYSQL_FILE *file);
+static int check_file_permissions(const char *file_name);
 /**
@@ -861,7 +862,7 @@ static int search_default_file_with_ext(
 MYSQL_FILE *fp;
 uint line=0;
 my_bool found_group=0;
- uint i;
+ uint i, rc;
 MY_DIR *search_dir;
 FILEINFO *search_file;
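Review bot: The new test in the `@@ -418,7 +417,7 @@` hunk of client/mysql_config_editor.cc looks only at mode bits, so "exclusively readable/writable by the current user" is not established by anything visible: no line compares `stat_info.st_uid` with the effective user or requires a regular file. If ownership is not verified elsewhere, consider `if ((stat_info.st_mode & S_IFMT) == S_IFREG && stat_info.st_uid == geteuid() && !(stat_info.st_mode & (S_IXUSR | S_IRWXG | S_IRWXO)))`. The same ownership gap applies to check_file_permissions() in mysys_ssl/my_default.cc, where the mask is written out a second time; a shared named constant would keep the editor and the option reader from drifting apart. The enclosing function starts and ends outside the hunk.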
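Review bot: `rc` is declared `uint` in the `@@ -861,7 +862,7 @@` hunk of mysys_ssl/my_default.cc but holds the `int` result of check_file_permissions(), so the later `(rc= check_file_permissions(name)) < 2` in the `@@ -879,25 +880,10 @@` hunk is an unsigned comparison and `return (int) rc` has to cast back. With today's 0/1/2 codes this works, but a negative error code added later would compare as a large value and be treated as success, meaning the file would be read. Declaring it separately as `int rc;` and returning it with `return rc;` removes the trap. The function body continues outside both hunks.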
@@ -879,25 +880,10 @@ static int search_default_file_with_ext(
 strmov(name,config_file);
 }
 fn_format(name,name,"","",4);
-#if !defined(__WIN__)
- {
- MY_STAT stat_info;
- if (!my_stat(name,&stat_info,MYF(0)))
- return 1;
- /*
- Ignore world-writable regular files.
- This is mainly done to protect us to not read a file created by
- the mysqld server, but the check is still valid in most context.
- */
- if ((stat_info.st_mode & S_IWOTH) &&
- (stat_info.st_mode & S_IFMT) == S_IFREG)
- {
- fprintf(stderr, "Warning: World-writable config file '%s' is ignored\n",
- name);
- return 0;
- }
- }
-#endif
+
+ if ((rc= check_file_permissions(name)) < 2)
+ return (int) rc;
+
 if (is_login_file)
 {
 if ( !(fp = mysql_file_fopen(key_file_cnf, name, (O_RDONLY | O_BINARY),
@@ -1464,3 +1450,48 @@ int my_default_get_login_file(char *file
 return 1;
 }
+
+/**
+ Check file permissions of the option file.
+
+ @param file_name [in] Name of the option file.
+
+ @return 0 - Non-allowable file permissions.
+ 1 - Failed to stat.
+ 2 - Success.
+*/
+static int check_file_permissions(const char *file_name)
+{
+#if !defined(__WIN__)
+ MY_STAT stat_info;
+
+ if (!my_stat(file_name,&stat_info,MYF(0)))
+ return 1;
+ /*
+ Ignore .mylogin.cnf file if not exclusively readable/writable
+ by current user.
+ */
+ if (is_login_file && (stat_info.st_mode & (S_IXUSR | S_IRWXG | S_IRWXO))
+ && (stat_info.st_mode & S_IFMT) == S_IFREG)
+ {
+ fprintf(stderr, "Warning: %s should be readable/writable only by "
+ "current user.\n", file_name);
+ return 0;
+ }
+ /*
+ Ignore world-writable regular files.
+ This is mainly done to protect us to not read a file created by
+ the mysqld server, but the check is still valid in most context.
+ */
+ else if ((stat_info.st_mode & S_IWOTH) &&
+ (stat_info.st_mode & S_IFMT) == S_IFREG)
+
+ {
+ fprintf(stderr, "Warning: World-writable config file '%s' is ignored\n",
+ file_name);
+ return 0;
+ }
+#endif
+ return 2; /* Success */
+}
+
No bundle (reason: useless for push emails).
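Review bot: The permission check in the `@@ -879,25 +880,10 @@` hunk is made on the path `name`, and the context lines right after it open the same path with mysql_file_fopen(), so the file that is checked and the file that is read are tied together only by name. The removed code had the same stat-then-open shape, but the login file carries credentials, so the window matters more here; opening first and checking the mode with fstat() on the resulting descriptor would close it. The call site would also benefit from a comment such as `/* 0: file ignored, 1: stat failed, 2: ok to read */`, since `< 2` is otherwise opaque. search_default_file_with_ext() starts and ends outside the hunk.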
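Review bot: In check_file_permissions() the login-file branch is conditioned on `(stat_info.st_mode & S_IFMT) == S_IFREG`, so a login path that is not a regular file skips both checks and reaches `return 2`. For the credentials file it seems safer to refuse anything that is not a regular file, e.g. `if (is_login_file && ((stat_info.st_mode & S_IFMT) != S_IFREG || (stat_info.st_mode & (S_IXUSR | S_IRWXG | S_IRWXO))))`. The helper also reads `is_login_file`, which is not a parameter and is presumably a file-scope flag; the doc comment should state that dependency. The login-file warning does not say the file is being ignored, unlike the world-writable message; `"Warning: %s should be readable/writable only by current user; file ignored.\n"` would make the two consistent.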