List:Commits« Previous MessageNext Message »
From:msvensson Date:February 14 2007 2:45pm
Subject:bk commit into 5.0 tree (msvensson:1.2415)
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of msvensson. When msvensson does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-02-14 14:45:15+01:00, msvensson@stripped +6 -0
  Merge pilot.mysql.com:/home/msvensson/mysql/bug18628/my50-bug18628
  into  pilot.mysql.com:/home/msvensson/mysql/mysql-5.0-maint
  MERGE: 1.2385.7.2

  mysql-test/mysql-test-run.pl@stripped, 2007-02-14 14:45:12+01:00, msvensson@stripped
+0 -0
    Auto merged
    MERGE: 1.191.1.1

  sql/item_strfunc.cc@stripped, 2007-02-14 14:45:12+01:00, msvensson@stripped +0 -0
    Auto merged
    MERGE: 1.292.1.1

  sql/mysql_priv.h@stripped, 2007-02-14 14:45:13+01:00, msvensson@stripped +0 -0
    Auto merged
    MERGE: 1.429.4.1

  sql/mysqld.cc@stripped, 2007-02-14 14:45:13+01:00, msvensson@stripped +0 -0
    Auto merged
    MERGE: 1.589.4.1

  sql/set_var.cc@stripped, 2007-02-14 14:45:13+01:00, msvensson@stripped +0 -0
    Auto merged
    MERGE: 1.176.1.1

  sql/sql_class.cc@stripped, 2007-02-14 14:45:13+01:00, msvensson@stripped +0 -0
    Auto merged
    MERGE: 1.256.1.1

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	msvensson
# Host:	pilot.mysql.com
# Root:	/home/msvensson/mysql/mysql-5.0-maint/RESYNC

--- 1.293/sql/item_strfunc.cc	2007-01-12 14:40:31 +01:00
+++ 1.294/sql/item_strfunc.cc	2007-02-14 14:45:12 +01:00
@@ -2780,6 +2780,11 @@
   (void) fn_format(path, file_name->c_ptr(), mysql_real_data_home, "",
 		   MY_RELATIVE_PATH | MY_UNPACK_FILENAME);
 
+  /* Read only allowed from within dir specified by secure_file_priv */
+  if (opt_secure_file_priv &&
+      strncmp(opt_secure_file_priv, path, strlen(opt_secure_file_priv)))
+    goto err;
+
   if (!my_stat(path, &stat_info, MYF(0)))
     goto err;
 

--- 1.435/sql/mysql_priv.h	2007-02-13 16:01:56 +01:00
+++ 1.436/sql/mysql_priv.h	2007-02-14 14:45:13 +01:00
@@ -1272,6 +1272,7 @@
 extern my_bool opt_readonly, lower_case_file_system;
 extern my_bool opt_enable_named_pipe, opt_sync_frm, opt_allow_suspicious_udfs;
 extern my_bool opt_secure_auth;
+extern char* opt_secure_file_priv;
 extern my_bool opt_log_slow_admin_statements;
 extern my_bool sp_automatic_privileges, opt_noacl;
 extern my_bool opt_old_style_user_limits, trust_function_creators;

--- 1.597/sql/mysqld.cc	2007-02-06 15:50:34 +01:00
+++ 1.598/sql/mysqld.cc	2007-02-14 14:45:13 +01:00
@@ -363,6 +363,7 @@
 my_bool opt_readonly, use_temp_pool, relay_log_purge;
 my_bool opt_sync_frm, opt_allow_suspicious_udfs;
 my_bool opt_secure_auth= 0;
+char* opt_secure_file_priv= 0;
 my_bool opt_log_slow_admin_statements= 0;
 my_bool lower_case_file_system= 0;
 my_bool opt_large_pages= 0;
@@ -1144,6 +1145,7 @@
 #endif
   x_free(opt_bin_logname);
   x_free(opt_relay_logname);
+  x_free(opt_secure_file_priv);
   bitmap_free(&temp_pool);
   free_max_user_conn();
 #ifdef HAVE_REPLICATION
@@ -4700,7 +4702,8 @@
   OPT_TABLE_LOCK_WAIT_TIMEOUT,
   OPT_PORT_OPEN_TIMEOUT,
   OPT_MERGE,
-  OPT_INNODB_ROLLBACK_ON_TIMEOUT
+  OPT_INNODB_ROLLBACK_ON_TIMEOUT,
+  OPT_SECURE_FILE_PRIV
 };
 
 
@@ -5350,6 +5353,10 @@
   {"secure-auth", OPT_SECURE_AUTH, "Disallow authentication for accounts that have old
(pre-4.1) passwords.",
    (gptr*) &opt_secure_auth, (gptr*) &opt_secure_auth, 0, GET_BOOL, NO_ARG,
    my_bool(0), 0, 0, 0, 0, 0},
+  {"secure-file-priv", OPT_SECURE_FILE_PRIV,
+   "Limit LOAD DATA, SELECT ... OUTFILE, and LOAD_FILE() to files within specified
directory",
+   (gptr*) &opt_secure_file_priv, (gptr*) &opt_secure_file_priv, 0,
+   GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
   {"server-id",	OPT_SERVER_ID,
    "Uniquely identifies the server instance in the community of replication partners.",
    (gptr*) &server_id, (gptr*) &server_id, 0, GET_ULONG, REQUIRED_ARG, 0, 0, 0,
@@ -6379,6 +6386,7 @@
   opt_logname= opt_update_logname= opt_binlog_index_name= opt_slow_logname= 0;
   opt_tc_log_file= (char *)"tc.log";      // no hostname in tc_log file name !
   opt_secure_auth= 0;
+  opt_secure_file_priv= 0;
   opt_bootstrap= opt_myisam_log= 0;
   mqh_used= 0;
   segfaulted= kill_in_progress= 0;
@@ -7417,6 +7425,16 @@
       exit(1);
   }
 #endif /* HAVE_REPLICATION */
+  /*
+    Convert the secure-file-priv option to system format, allowing
+    a quick strcmp to check if read or write is in an allowed dir
+   */
+  if (opt_secure_file_priv)
+  {
+    convert_dirname(buff, opt_secure_file_priv, NullS);
+    my_free(opt_secure_file_priv, MYF(0));
+    opt_secure_file_priv= my_strdup(buff, MYF(MY_FAE));
+  }
 }
 
 

--- 1.257/sql/sql_class.cc	2007-01-24 03:13:38 +01:00
+++ 1.258/sql/sql_class.cc	2007-02-14 14:45:13 +01:00
@@ -1081,7 +1081,7 @@
 			IO_CACHE *cache)
 {
   File file;
-  uint option= MY_UNPACK_FILENAME;
+  uint option= MY_UNPACK_FILENAME | MY_RELATIVE_PATH;
 
 #ifdef DONT_ALLOW_FULL_LOAD_DATA_PATHS
   option|= MY_REPLACE_DIR;			// Force use of db directory
@@ -1094,7 +1094,15 @@
   }
   else
     (void) fn_format(path, exchange->file_name, mysql_real_data_home, "", option);
-    
+
+  if (opt_secure_file_priv &&
+      strncmp(opt_secure_file_priv, path, strlen(opt_secure_file_priv)))
+  {
+    /* Write only allowed to dir or subdir specified by secure_file_priv */
+    my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
+    return -1;
+  }
+
   if (!access(path, F_OK))
   {
     my_error(ER_FILE_EXISTS_ERROR, MYF(0), exchange->file_name);

--- 1.196/mysql-test/mysql-test-run.pl	2007-02-06 16:38:30 +01:00
+++ 1.197/mysql-test/mysql-test-run.pl	2007-02-14 14:45:12 +01:00
@@ -3581,6 +3581,12 @@
   mtr_add_arg($args, "%s--basedir=%s", $prefix, $path_my_basedir);
   mtr_add_arg($args, "%s--character-sets-dir=%s", $prefix, $path_charsetsdir);
 
+  if ( $mysql_version_id >= 50036)
+  {
+    # Prevent the started mysqld to access files outside of vardir
+    mtr_add_arg($args, "%s--secure-file-priv=%s", $prefix, $opt_vardir);
+  }
+
   if ( $mysql_version_id >= 50000 )
   {
     mtr_add_arg($args, "%s--log-bin-trust-function-creators", $prefix);

--- 1.178/sql/set_var.cc	2007-02-06 15:50:34 +01:00
+++ 1.179/sql/set_var.cc	2007-02-14 14:45:13 +01:00
@@ -358,6 +358,8 @@
 				 &SV::query_cache_wlock_invalidate);
 #endif /* HAVE_QUERY_CACHE */
 sys_var_bool_ptr	sys_secure_auth("secure_auth", &opt_secure_auth);
+sys_var_const_str_ptr   sys_secure_file_priv("secure_file_priv",
+                                             &opt_secure_file_priv);
 sys_var_long_ptr	sys_server_id("server_id", &server_id, fix_server_id);
 sys_var_bool_ptr	sys_slave_compressed_protocol("slave_compressed_protocol",
 						      &opt_slave_compressed_protocol);
@@ -719,6 +721,7 @@
   &sys_rpl_recovery_rank,
   &sys_safe_updates,
   &sys_secure_auth,
+  &sys_secure_file_priv,
   &sys_select_limit,
   &sys_server_id,
 #ifdef HAVE_REPLICATION
@@ -1027,6 +1030,7 @@
 #endif
   {sys_rpl_recovery_rank.name,(char*) &sys_rpl_recovery_rank,       SHOW_SYS},
   {"secure_auth",             (char*) &sys_secure_auth,             SHOW_SYS},
+  {"secure_file_priv",        (char*) &sys_secure_file_priv,        SHOW_SYS},
 #ifdef HAVE_SMEM
   {"shared_memory",           (char*) &opt_enable_shared_memory,    SHOW_MY_BOOL},
   {"shared_memory_base_name", (char*) &shared_memory_base_name,     SHOW_CHAR_PTR},
Thread
bk commit into 5.0 tree (msvensson:1.2415)msvensson14 Feb