Hi!
On Nov 28, gluh@stripped wrote:
> ChangeSet@stripped, 2007-11-28 19:02:52+04:00, gluh@stripped +3 -0
> Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY (3rd version)
> added new function test_if_data_home_dir() which checks that
> the path does not contain the mysql data home directory.
> Use of the mysql data home directory in
> DATA DIRECTORY & INDEX DIRECTORY is disallowed.
>
> --- 1.397/sql/sql_parse.cc 2006-04-26 04:41:10 +05:00
> +++ 1.398/sql/sql_parse.cc 2007-11-28 19:02:52 +04:00
> @@ -67,6 +67,7 @@ static bool create_total_list(THD *thd,
> TABLE_LIST **result, bool skip_first);
> static bool check_one_table_access(THD *thd, ulong want_access,
> TABLE_LIST *table, bool no_errors);
> +static bool test_if_data_home_dir(const char *dir);
>
>
> const char *any_db="*any*"; // Special symbol for check_access
> @@ -1681,6 +1682,23 @@ mysql_execute_command(void)
> #ifndef HAVE_READLINK
> lex->create_info.data_file_name=lex->create_info.index_file_name=0;
> #else
> +
> + if (lex->create_info.data_file_name &&
> + test_if_data_home_dir(lex->create_info.data_file_name))
> + {
> +
> + my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
Ah, ER_WRONG_ARGUMENTS existed in 4.0, great...
> + res= -1;
> + break;
> + }
> + if (lex->create_info.index_file_name &&
> + test_if_data_home_dir(lex->create_info.index_file_name))
> + {
> + my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
> + res= -1;
> + break;
> + }
> +
> /* Fix names if symlinked tables */
> if (append_file_to_dir(thd, &lex->create_info.data_file_name,
> tables->real_name) ||
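Review bot: Both new error calls in this hunk misspell the keyword in the user-facing argument: `my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");` and the INDEX counterpart should read `"DATA DIRECTORY"` and `"INDEX DIRECTORY"`, matching the SQL syntax the user typed and the bug title. The two blocks are otherwise identical apart from the field they test, so a short comment above the first, e.g. `/* Bug#32167: DATA/INDEX DIRECTORY must not point inside the data home dir */`, would tell a later reader why a plain path argument is rejected here. mysql_execute_command begins and ends outside the hunk, so the `res= -1; break;` unwinding is assumed to match the surrounding case handling.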
> @@ -4040,4 +4058,45 @@ static bool check_multi_update_lock(THD
> +static bool test_if_data_home_dir(const char *dir)
> +{
> + uint home_dir_len, dir_len;
> + char path[FN_REFLEN], conv_path[FN_REFLEN],
> + real_home_dir[FN_REFLEN], conv_home_dir[FN_REFLEN];
> + DBUG_ENTER("test_if_data_home_dir");
> +
> + (void) fn_format(path, dir, "", "",
> + (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
> + dir_len= unpack_dirname(conv_path, dir);
> + (void) fn_format(real_home_dir, mysql_real_data_home, "", "",
> + (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
> + home_dir_len= unpack_dirname(conv_home_dir, real_home_dir);
I'd prefer you to convert/unpack mysql_real_data_home only once, in
mysqld.cc.
> +
> + if (home_dir_len <= dir_len)
> + {
> + if (lower_case_file_system)
> + {
> + if (!my_strnncoll(default_charset_info, (const uchar*) conv_path,
> home_dir_len,
make sure to use character_set_filesystem in the trees where it is
available (when you merge upwards).
> + (const uchar*) conv_home_dir, home_dir_len))
> + DBUG_RETURN(1);
> + }
> + else if (!memcmp(conv_path, conv_home_dir, home_dir_len))
> + DBUG_RETURN(1);
> + }
> + DBUG_RETURN(0);
> }
>
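Review bot: The symlink-resolved path written into `path` by the first fn_format call in test_if_data_home_dir is never read; the following line calls `unpack_dirname(conv_path, dir)` on the raw argument, so MY_RESOLVE_SYMLINKS is applied only to the data-home side of the comparison. A directory argument that reaches the data home through a symlink elsewhere is therefore compared by its unresolved name and the prefix test cannot see it; passing the canonical buffer instead, `dir_len= unpack_dirname(conv_path, path);`, makes both sides of the memcmp/my_strnncoll use the same resolved form. A one-line comment above the fn_format calls, such as `/* Canonicalize both paths before the prefix compare so symlinks cannot hide the data dir */`, would document the intent. The quoted hunk looks abridged (its header announces 45 new lines), so surrounding context may be missing here.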
Regards / Mit vielen Grüssen,
Sergei
--
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <serg@stripped>
/ /|_/ / // /\ \/ /_/ / /__ Principal Software Developer
/_/ /_/\_, /___/\___\_\___/ MySQL GmbH, Dachauer Str. 37, D-80335 München
<___/ Geschäftsführer: Kaj Arnö - HRB
München 162140