List:Commits« Previous MessageNext Message »
From:mattiasj Date:November 12 2007 12:23pm
Subject:bk commit into 5.1 tree (mattiasj:1.2608) BUG#32091
View as plain text  
Below is the list of changes that have just been committed into a local
5.1 repository of mattiasj. When mattiasj does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-11-12 13:23:45+01:00, mattiasj@mattiasj-laptop.(none) +4 -0
  Bug#32091: Security breach via directory changes
  
  Merge fix
  
  partition_mgm did not require have_symlink.
  
  Moved the test case to partition_symlink, which
  require have_symlink, and should work on both *nix and
  Windows

  mysql-test/r/partition_mgm.result@stripped, 2007-11-12 13:23:43+01:00, mattiasj@mattiasj-laptop.(none) +0 -82
    Bug#32091: Security breach via directory changes
    
    Moved the test case to partition_symlink.

  mysql-test/r/partition_symlink.result@stripped, 2007-11-12 13:23:43+01:00, mattiasj@mattiasj-laptop.(none) +83 -0
    Bug#32091: Security breach via directory changes
    
    Moved the test case to partition_symlink. It requires
    have_symlink.

  mysql-test/r/partition_symlink.result@stripped, 2007-11-12 13:23:43+01:00, mattiasj@mattiasj-laptop.(none) +0 -0

  mysql-test/t/partition_mgm.test@stripped, 2007-11-12 13:23:43+01:00, mattiasj@mattiasj-laptop.(none) +2 -112
    Bug#32091: Security breach via directory changes
    
    Moved the test case to partition_symlink.

  mysql-test/t/partition_symlink.test@stripped, 2007-11-12 13:23:43+01:00, mattiasj@mattiasj-laptop.(none) +119 -0
    Bug#32091: Security breach via directory changes
    
    Moved the test case to partition_symlink. It requires
    have_symlink.

  mysql-test/t/partition_symlink.test@stripped, 2007-11-12 13:23:43+01:00, mattiasj@mattiasj-laptop.(none) +0 -0

diff -Nrup a/mysql-test/r/partition_mgm.result b/mysql-test/r/partition_mgm.result
--- a/mysql-test/r/partition_mgm.result	2007-11-10 21:29:38 +01:00
+++ b/mysql-test/r/partition_mgm.result	2007-11-12 13:23:43 +01:00
@@ -1,86 +1,4 @@
 DROP TABLE IF EXISTS t1;
-DROP DATABASE IF EXISTS mysqltest2;
-# Creating two non colliding tables mysqltest2.t1 and test.t1
-# test.t1 have partitions in mysqltest2-directory!
-# user root:
-CREATE USER mysqltest_1@localhost;
-CREATE DATABASE mysqltest2;
-USE mysqltest2;
-CREATE TABLE t1 (a INT);
-INSERT INTO t1 VALUES (0);
-# user mysqltest_1:
-USE test;
-CREATE TABLE t1 (a INT)
-PARTITION BY LIST (a) (
-PARTITION p0 VALUES IN (0)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2',
-PARTITION p1 VALUES IN (1)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/test',
-PARTITION p2 VALUES IN (2)
-);
-# without the patch for bug#32091 this would create
-# files mysqltest2/t1.MYD + .MYI and possible overwrite
-# the mysqltest2.t1 table (depending on bug#32111)
-ALTER TABLE t1 REMOVE PARTITIONING;
-INSERT INTO t1 VALUES (1);
-SELECT * FROM t1;
-a
-1
-# user root:
-USE mysqltest2;
-FLUSH TABLES;
-# if the patch works, this should be different
-# and before the patch they were the same!
-SELECT * FROM t1;
-a
-0
-USE test;
-SELECT * FROM t1;
-a
-1
-DROP TABLE t1;
-DROP DATABASE mysqltest2;
-# test that symlinks can not overwrite files when CREATE TABLE
-# user root:
-CREATE DATABASE mysqltest2;
-USE mysqltest2;
-CREATE TABLE t1 (a INT)
-PARTITION BY LIST (a) (
-PARTITION p0 VALUES IN (0)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2',
-PARTITION p1 VALUES IN (1)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
-   );
-# user mysqltest_1:
-USE test;
-CREATE TABLE t1 (a INT)
-PARTITION BY LIST (a) (
-PARTITION p0 VALUES IN (0)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2',
-PARTITION p1 VALUES IN (1)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
-   );
-Got one of the listed errors
-CREATE TABLE t1 (a INT)
-PARTITION BY LIST (a) (
-PARTITION p0 VALUES IN (0)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/test',
-PARTITION p1 VALUES IN (1)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
-  );
-Got one of the listed errors
-# user root (cleanup):
-DROP DATABASE mysqltest2;
-USE test;
-DROP USER mysqltest_1@localhost;
 create table t1 (a int)
 partition by range (a)
 subpartition by key (a)
diff -Nrup a/mysql-test/r/partition_symlink.result b/mysql-test/r/partition_symlink.result
--- /dev/null	Wed Dec 31 16:00:00 196900
+++ b/mysql-test/r/partition_symlink.result	2007-11-12 13:23:43 +01:00
@@ -0,0 +1,83 @@
+DROP TABLE IF EXISTS t1;
+DROP DATABASE IF EXISTS mysqltest2;
+# Creating two non colliding tables mysqltest2.t1 and test.t1
+# test.t1 have partitions in mysqltest2-directory!
+# user root:
+CREATE USER mysqltest_1@localhost;
+CREATE DATABASE mysqltest2;
+USE mysqltest2;
+CREATE TABLE t1 (a INT);
+INSERT INTO t1 VALUES (0);
+# user mysqltest_1:
+USE test;
+CREATE TABLE t1 (a INT)
+PARTITION BY LIST (a) (
+PARTITION p0 VALUES IN (0)
+DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2',
+PARTITION p1 VALUES IN (1)
+DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/test',
+PARTITION p2 VALUES IN (2)
+);
+# without the patch for bug#32091 this would create
+# files mysqltest2/t1.MYD + .MYI and possible overwrite
+# the mysqltest2.t1 table (depending on bug#32111)
+ALTER TABLE t1 REMOVE PARTITIONING;
+INSERT INTO t1 VALUES (1);
+SELECT * FROM t1;
+a
+1
+# user root:
+USE mysqltest2;
+FLUSH TABLES;
+# if the patch works, this should be different
+# and before the patch they were the same!
+SELECT * FROM t1;
+a
+0
+USE test;
+SELECT * FROM t1;
+a
+1
+DROP TABLE t1;
+DROP DATABASE mysqltest2;
+# test that symlinks can not overwrite files when CREATE TABLE
+# user root:
+CREATE DATABASE mysqltest2;
+USE mysqltest2;
+CREATE TABLE t1 (a INT)
+PARTITION BY LIST (a) (
+PARTITION p0 VALUES IN (0)
+DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2',
+PARTITION p1 VALUES IN (1)
+DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
+   );
+# user mysqltest_1:
+USE test;
+CREATE TABLE t1 (a INT)
+PARTITION BY LIST (a) (
+PARTITION p0 VALUES IN (0)
+DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2',
+PARTITION p1 VALUES IN (1)
+DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
+   );
+Got one of the listed errors
+CREATE TABLE t1 (a INT)
+PARTITION BY LIST (a) (
+PARTITION p0 VALUES IN (0)
+DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/test',
+PARTITION p1 VALUES IN (1)
+DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
+  );
+Got one of the listed errors
+# user root (cleanup):
+DROP DATABASE mysqltest2;
+USE test;
+DROP USER mysqltest_1@localhost;
diff -Nrup a/mysql-test/t/partition_mgm.test b/mysql-test/t/partition_mgm.test
--- a/mysql-test/t/partition_mgm.test	2007-11-10 21:29:38 +01:00
+++ b/mysql-test/t/partition_mgm.test	2007-11-12 13:23:43 +01:00
@@ -1,117 +1,7 @@
 -- source include/have_partition.inc
--- disable_warnings
+--disable_warnings
 DROP TABLE IF EXISTS t1;
-DROP DATABASE IF EXISTS mysqltest2;
--- enable_warnings
-
-#
-# Bug 32091: Security breach via directory changes
-#
-# The below test shows that a pre-existing table mysqltest2.t1 cannot be
-# replaced by a user with no rights in 'mysqltest2'. The altered table
-# test.t1 will be altered (remove partitioning) into the test directory
-# and having its partitions removed from the mysqltest2 directory.
-# (the partitions data files are named <tablename>#P#<partname>.MYD
-# and will not collide with a non partitioned table's data files.) 
-# NOTE: the privileges on files and directories are the same for all
-# database users in mysqld, though mysqld enforces privileges on
-# the database and table levels which in turn maps to directories and
-# files, but not the other way around (any db-user can use any
-# directory or file that the mysqld-process can use, via DATA/INDEX DIR)
-# this is the security flaw that was used in bug#32091 and bug#32111
--- echo # Creating two non colliding tables mysqltest2.t1 and test.t1
--- echo # test.t1 have partitions in mysqltest2-directory!
--- echo # user root:
-  CREATE USER mysqltest_1@localhost;
-  CREATE DATABASE mysqltest2;
-  USE mysqltest2;
-  CREATE TABLE t1 (a INT);
-  INSERT INTO t1 VALUES (0);
-connect(con1,localhost,mysqltest_1,,);
--- echo # user mysqltest_1:
-  USE test;
-  -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
-  eval CREATE TABLE t1 (a INT)
-   PARTITION BY LIST (a) (
-    PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
-    PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test',
-    PARTITION p2 VALUES IN (2)
-  );
-  -- echo # without the patch for bug#32091 this would create
-  -- echo # files mysqltest2/t1.MYD + .MYI and possible overwrite
-  -- echo # the mysqltest2.t1 table (depending on bug#32111)
-  -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
-  ALTER TABLE t1 REMOVE PARTITIONING;
-  INSERT INTO t1 VALUES (1);
-  SELECT * FROM t1;
-connection default;
--- echo # user root:
-  USE mysqltest2;
-  FLUSH TABLES;
-  -- echo # if the patch works, this should be different
-  -- echo # and before the patch they were the same!
-  SELECT * FROM t1;
-  USE test;
-  SELECT * FROM t1;
-  DROP TABLE t1;
-  DROP DATABASE mysqltest2;
-# The below test shows that a pre-existing partition can not be
-# destroyed by a new partition from another table.
-# (Remember that a table or partition that uses the DATA/INDEX DIR
-# is symlinked and thus has
-# 1. the real file in the DATA/INDEX DIR and
-# 2. a symlink in its default database directory pointing to
-# the real file.
-# So it is using/blocking 2 files in (in 2 different directories
--- echo # test that symlinks can not overwrite files when CREATE TABLE
--- echo # user root:
-  CREATE DATABASE mysqltest2;
-  USE mysqltest2;
-  -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
-  eval CREATE TABLE t1 (a INT)
-   PARTITION BY LIST (a) (
-    PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
-    PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-   );
-connection con1;
--- echo # user mysqltest_1:
-  USE test;
-  -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
-  -- error 1,1
-  eval CREATE TABLE t1 (a INT)
-   PARTITION BY LIST (a) (
-    PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
-    PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-   );
-  -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
-  -- error 1,1
-  eval CREATE TABLE t1 (a INT)
-   PARTITION BY LIST (a) (
-    PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test',
-    PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-  );
-connection default;
--- echo # user root (cleanup):
-  DROP DATABASE mysqltest2;
-  USE test;
-  DROP USER mysqltest_1@localhost;
-  disconnect con1;
+--enable_warnings
 
 #
 # Bug 21143: mysqld hang when error in number of subparts in
diff -Nrup a/mysql-test/t/partition_symlink.test b/mysql-test/t/partition_symlink.test
--- /dev/null	Wed Dec 31 16:00:00 196900
+++ b/mysql-test/t/partition_symlink.test	2007-11-12 13:23:43 +01:00
@@ -0,0 +1,119 @@
+# Test that must have symlink. eg. using DATA/INDEX DIR
+# (DATA/INDEX DIR requires symlinks)
+-- source include/have_partition.inc
+-- source include/have_symlink.inc
+-- disable_warnings
+DROP TABLE IF EXISTS t1;
+DROP DATABASE IF EXISTS mysqltest2;
+-- enable_warnings
+
+#
+# Bug 32091: Security breach via directory changes
+#
+# The below test shows that a pre-existing table mysqltest2.t1 cannot be
+# replaced by a user with no rights in 'mysqltest2'. The altered table
+# test.t1 will be altered (remove partitioning) into the test directory
+# and having its partitions removed from the mysqltest2 directory.
+# (the partitions data files are named <tablename>#P#<partname>.MYD
+# and will not collide with a non partitioned table's data files.) 
+# NOTE: the privileges on files and directories are the same for all
+# database users in mysqld, though mysqld enforces privileges on
+# the database and table levels which in turn maps to directories and
+# files, but not the other way around (any db-user can use any
+# directory or file that the mysqld-process can use, via DATA/INDEX DIR)
+# this is the security flaw that was used in bug#32091 and bug#32111
+-- echo # Creating two non colliding tables mysqltest2.t1 and test.t1
+-- echo # test.t1 have partitions in mysqltest2-directory!
+-- echo # user root:
+  CREATE USER mysqltest_1@localhost;
+  CREATE DATABASE mysqltest2;
+  USE mysqltest2;
+  CREATE TABLE t1 (a INT);
+  INSERT INTO t1 VALUES (0);
+connect(con1,localhost,mysqltest_1,,);
+-- echo # user mysqltest_1:
+  USE test;
+  -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+  eval CREATE TABLE t1 (a INT)
+   PARTITION BY LIST (a) (
+    PARTITION p0 VALUES IN (0)
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
+    PARTITION p1 VALUES IN (1)
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test',
+    PARTITION p2 VALUES IN (2)
+  );
+  -- echo # without the patch for bug#32091 this would create
+  -- echo # files mysqltest2/t1.MYD + .MYI and possible overwrite
+  -- echo # the mysqltest2.t1 table (depending on bug#32111)
+  -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+  ALTER TABLE t1 REMOVE PARTITIONING;
+  INSERT INTO t1 VALUES (1);
+  SELECT * FROM t1;
+connection default;
+-- echo # user root:
+  USE mysqltest2;
+  FLUSH TABLES;
+  -- echo # if the patch works, this should be different
+  -- echo # and before the patch they were the same!
+  SELECT * FROM t1;
+  USE test;
+  SELECT * FROM t1;
+  DROP TABLE t1;
+  DROP DATABASE mysqltest2;
+# The below test shows that a pre-existing partition can not be
+# destroyed by a new partition from another table.
+# (Remember that a table or partition that uses the DATA/INDEX DIR
+# is symlinked and thus has
+# 1. the real file in the DATA/INDEX DIR and
+# 2. a symlink in its default database directory pointing to
+# the real file.
+# So it is using/blocking 2 files in (in 2 different directories
+-- echo # test that symlinks can not overwrite files when CREATE TABLE
+-- echo # user root:
+  CREATE DATABASE mysqltest2;
+  USE mysqltest2;
+  -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+  eval CREATE TABLE t1 (a INT)
+   PARTITION BY LIST (a) (
+    PARTITION p0 VALUES IN (0)
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
+    PARTITION p1 VALUES IN (1)
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
+   );
+connection con1;
+-- echo # user mysqltest_1:
+  USE test;
+  -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+  -- error 1,1
+  eval CREATE TABLE t1 (a INT)
+   PARTITION BY LIST (a) (
+    PARTITION p0 VALUES IN (0)
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
+    PARTITION p1 VALUES IN (1)
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
+   );
+  -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+  -- error 1,1
+  eval CREATE TABLE t1 (a INT)
+   PARTITION BY LIST (a) (
+    PARTITION p0 VALUES IN (0)
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test',
+    PARTITION p1 VALUES IN (1)
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
+  );
+connection default;
+-- echo # user root (cleanup):
+  DROP DATABASE mysqltest2;
+  USE test;
+  DROP USER mysqltest_1@localhost;
+  disconnect con1;
+
+
Thread
bk commit into 5.1 tree (mattiasj:1.2608) BUG#32091mattiasj12 Nov