| List: | Commits | « Previous MessageNext Message » | |
| From: | Sergei Golubchik | Date: | November 8 2007 8:35pm |
| Subject: | Re: bk commit into 4.0 tree (svoj:1.2215) BUG#32111 | ||
| View as plain text | |||
Hi! On Nov 06, Sergey Vojtovich wrote: > > ChangeSet@stripped, 2007-11-06 18:09:33+04:00, svoj@stripped +3 -0 > BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE > > RENAME TABLE against a table with DATA/INDEX DIRECTORY overwrites > the file to which the symlink points. > > This is security issue, because it is possible to create a table with > some name in some non-system database and set DATA/INDEX DIRECTORY > to mysql system database. Renaming this table to one of mysql system > tables (e.g. user, host) would overwrite the system table. > > Return an error when the file to which the symlink points exist. ok to push Regards / Mit vielen Grüssen, Sergei -- __ ___ ___ ____ __ / |/ /_ __/ __/ __ \/ / Sergei Golubchik <serg@stripped> / /|_/ / // /\ \/ /_/ / /__ Principal Software Developer /_/ /_/\_, /___/\___\_\___/ MySQL GmbH, Dachauer Str. 37, D-80335 München <___/ Geschäftsführer: Kaj Arnö - HRB München 162140
| Thread | ||
|---|---|---|
| • bk commit into 4.0 tree (svoj:1.2215) BUG#32111 | Sergey Vojtovich | 6 Nov |
| • Re: bk commit into 4.0 tree (svoj:1.2215) BUG#32111 | Sergei Golubchik | 8 Nov |
© 1995-2008 MySQL AB, 2008-2009 Sun Microsystems, Inc.
Page generated in 0.061 sec. using MySQL 5.1.14-beta-log