List:Commits« Previous MessageNext Message »
From:gluh Date:December 18 2007 12:48pm
Subject:bk commit into 5.1 tree (gluh:1.2679) BUG#32167
View as plain text  
Below is the list of changes that have just been committed into a local
5.1 repository of gluh. When gluh does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-12-18 16:48:12+04:00, gluh@stripped +13 -0
  Bug#32167 another privilege bypass with DATA/INDEX DIRECORY(2nd version for 5.1)
  added new function test_if_data_home_dir() which checks that
  path does not contain mysql data home directory.
  Using of 'mysql data home'/'any db name' in
  DATA DIRECTORY & INDEX DIRECTORY is disallowed

  mysql-test/r/partition.result@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +28 -0
    test result

  mysql-test/r/partition_not_windows.result@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +3 -3
    result fix

  mysql-test/r/partition_symlink.result@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +16 -17
    result fix

  mysql-test/r/symlink.result@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +28 -37
    test result update

  mysql-test/t/partition.test@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +40 -2
    test case

  mysql-test/t/partition_not_windows.test@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +18 -18
    test case update

  mysql-test/t/partition_symlink.test@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +22 -18
    test case update

  mysql-test/t/symlink.test@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +42 -50
    test case

  sql/mysql_priv.h@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +3 -1
    new variable mysql_unpacked_real_data_home

  sql/mysqld.cc@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +4 -0
    new variable mysql_unpacked_real_data_home

  sql/partition_info.cc@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +56 -0
    new check_partition_dirs() which checks
    data directory and index directory for partition elements

  sql/partition_info.h@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +1 -0
    new check_partition_dirs() which checks
    data directory and index directory for partition elements

  sql/sql_parse.cc@stripped, 2007-12-18 16:48:10+04:00, gluh@stripped +65 -0
    added new function test_if_data_home_dir() which checks that
    path does not contain mysql data home directory.
    Using of 'mysql data home'/'any db name' in
    DATA DIRECTORY & INDEX DIRECTORY is disallowed

diff -Nrup a/mysql-test/r/partition.result b/mysql-test/r/partition.result
--- a/mysql-test/r/partition.result	2007-11-27 12:28:05 +04:00
+++ b/mysql-test/r/partition.result	2007-12-18 16:48:10 +04:00
@@ -1307,4 +1307,32 @@ ERROR 42000: You have an error in your S
 ALTER TABLE t1 ANALYZE PARTITION p1 EXTENDED;
 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'EXTENDED' at line 1
 DROP TABLE t1;
+CREATE TABLE t1(a INT)
+PARTITION BY KEY (a)
+(PARTITION p0 DATA DIRECTORY 'TEST_DIR/master-data/test');
+ERROR HY000: Incorrect arguments to DATA DIRECORY
+CREATE TABLE t1(a INT)
+PARTITION BY KEY (a)
+(PARTITION p0 INDEX DIRECTORY 'TEST_DIR/master-data/test');
+ERROR HY000: Incorrect arguments to INDEX DIRECORY
+CREATE TABLE ts (id INT, purchased DATE)
+PARTITION BY RANGE(YEAR(purchased))
+SUBPARTITION BY HASH(TO_DAYS(purchased)) (
+PARTITION p0 VALUES LESS THAN (1990) (
+SUBPARTITION s0a
+DATA DIRECTORY = 'TEST_DIR/master-data/test',
+SUBPARTITION s0b
+DATA DIRECTORY = 'TEST_DIR/master-data/test'
+));
+ERROR HY000: Incorrect arguments to DATA DIRECORY
+CREATE TABLE ts (id INT, purchased DATE)
+PARTITION BY RANGE(YEAR(purchased))
+SUBPARTITION BY HASH(TO_DAYS(purchased)) (
+PARTITION p0 VALUES LESS THAN (1990) (
+SUBPARTITION s0a
+INDEX DIRECTORY = 'TEST_DIR/master-data/test',
+SUBPARTITION s0b
+INDEX DIRECTORY = 'TEST_DIR/master-data/test'
+));
+ERROR HY000: Incorrect arguments to INDEX DIRECORY
 End of 5.1 tests
diff -Nrup a/mysql-test/r/partition_not_windows.result b/mysql-test/r/partition_not_windows.result
--- a/mysql-test/r/partition_not_windows.result	2007-04-23 22:50:32 +05:00
+++ b/mysql-test/r/partition_not_windows.result	2007-12-18 16:48:10 +04:00
@@ -1,13 +1,13 @@
 create table t1 (a int) engine myisam
 partition by range (a)
 subpartition by hash (a)
-(partition p0 VALUES LESS THAN (1) DATA DIRECTORY = 'MYSQLTEST_VARDIR/master-data/tmpdata' INDEX DIRECTORY = 'MYSQLTEST_VARDIR/master-data/tmpinx'
+(partition p0 VALUES LESS THAN (1) DATA DIRECTORY = 'MYSQLTEST_VARDIR/tmp/tmpdata' INDEX DIRECTORY = 'MYSQLTEST_VARDIR/tmp/tmpinx'
 (SUBPARTITION subpart00, SUBPARTITION subpart01));
 Checking if file exists before alter
 ALTER TABLE t1 REORGANIZE PARTITION p0 INTO
-(partition p1 VALUES LESS THAN (1) DATA DIRECTORY = 'MYSQLTEST_VARDIR/master-data/tmpdata' INDEX DIRECTORY = 'MYSQLTEST_VARDIR/master-data/tmpinx'
+(partition p1 VALUES LESS THAN (1) DATA DIRECTORY = 'MYSQLTEST_VARDIR/tmp/tmpdata' INDEX DIRECTORY = 'MYSQLTEST_VARDIR/tmp/tmpinx'
 (SUBPARTITION subpart10, SUBPARTITION subpart11),
-partition p2 VALUES LESS THAN (2) DATA DIRECTORY = 'MYSQLTEST_VARDIR/master-data/tmpdata' INDEX DIRECTORY = 'MYSQLTEST_VARDIR/master-data/tmpinx'
+partition p2 VALUES LESS THAN (2) DATA DIRECTORY = 'MYSQLTEST_VARDIR/tmp/tmpdata' INDEX DIRECTORY = 'MYSQLTEST_VARDIR/tmp/tmpinx'
 (SUBPARTITION subpart20, SUBPARTITION subpart21));
 Checking if file exists after alter
 drop table t1;
diff -Nrup a/mysql-test/r/partition_symlink.result b/mysql-test/r/partition_symlink.result
--- a/mysql-test/r/partition_symlink.result	2007-11-12 16:23:43 +04:00
+++ b/mysql-test/r/partition_symlink.result	2007-12-18 16:48:10 +04:00
@@ -13,11 +13,11 @@ USE test;
 CREATE TABLE t1 (a INT)
 PARTITION BY LIST (a) (
 PARTITION p0 VALUES IN (0)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2',
+DATA DIRECTORY 'MYSQLTEST_VARDIR/tmp/mysqltest2'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/tmp/mysqltest2',
 PARTITION p1 VALUES IN (1)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/test',
+DATA DIRECTORY 'MYSQLTEST_VARDIR/tmp/test'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/tmp/test',
 PARTITION p2 VALUES IN (2)
 );
 # without the patch for bug#32091 this would create
@@ -49,34 +49,33 @@ USE mysqltest2;
 CREATE TABLE t1 (a INT)
 PARTITION BY LIST (a) (
 PARTITION p0 VALUES IN (0)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2',
+DATA DIRECTORY 'MYSQLTEST_VARDIR/tmp/mysqltest2'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/tmp/mysqltest2',
 PARTITION p1 VALUES IN (1)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
+DATA DIRECTORY 'MYSQLTEST_VARDIR/tmp/test'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/tmp/test'
    );
 # user mysqltest_1:
 USE test;
 CREATE TABLE t1 (a INT)
 PARTITION BY LIST (a) (
 PARTITION p0 VALUES IN (0)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2',
+DATA DIRECTORY 'MYSQLTEST_VARDIR/tmp/mysqltest2'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/tmp/mysqltest2',
 PARTITION p1 VALUES IN (1)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
+DATA DIRECTORY 'MYSQLTEST_VARDIR/tmp/test'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/tmp/test'
    );
 Got one of the listed errors
 CREATE TABLE t1 (a INT)
 PARTITION BY LIST (a) (
 PARTITION p0 VALUES IN (0)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/test',
+DATA DIRECTORY 'MYSQLTEST_VARDIR/tmp/test'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/tmp/test',
 PARTITION p1 VALUES IN (1)
-DATA DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY 'MYSQLTEST_VARDIR/master-data/mysqltest2'
+DATA DIRECTORY 'MYSQLTEST_VARDIR/tmp/mysqltest2'
+     INDEX DIRECTORY 'MYSQLTEST_VARDIR/tmp/mysqltest2'
   );
-Got one of the listed errors
 # user root (cleanup):
 DROP DATABASE mysqltest2;
 USE test;
diff -Nrup a/mysql-test/r/symlink.result b/mysql-test/r/symlink.result
--- a/mysql-test/r/symlink.result	2007-11-12 21:55:50 +04:00
+++ b/mysql-test/r/symlink.result	2007-12-18 16:48:10 +04:00
@@ -100,23 +100,15 @@ t1	CREATE TABLE `t1` (
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1
 drop table t1;
 CREATE TABLE t1(a INT)
-DATA DIRECTORY='TEST_DIR/master-data/mysql'
-INDEX DIRECTORY='TEST_DIR/master-data/mysql';
-RENAME TABLE t1 TO user;
-ERROR HY000: Can't create/write to file 'TEST_DIR/master-data/mysql/user.MYI' (Errcode: 17)
-DROP TABLE t1;
-show create table t1;
-Table	Create Table
-t1	CREATE TABLE `t1` (
-  `i` int(11) DEFAULT NULL
-) ENGINE=MyISAM DEFAULT CHARSET=latin1
-drop table t1;
-show create table t1;
-Table	Create Table
-t1	CREATE TABLE `t1` (
-  `i` int(11) DEFAULT NULL
-) ENGINE=MyISAM DEFAULT CHARSET=latin1
-drop table t1;
+DATA DIRECTORY='TEST_DIR/tmp'
+INDEX DIRECTORY='TEST_DIR/tmp';
+ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17)
+CREATE TABLE t2(a INT)
+DATA DIRECTORY='TEST_DIR/tmp'
+INDEX DIRECTORY='TEST_DIR/tmp';
+RENAME TABLE t2 TO t1;
+ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17)
+DROP TABLE t2;
 show create table t1;
 Table	Create Table
 t1	CREATE TEMPORARY TABLE `t1` (
@@ -139,26 +131,25 @@ a
 42
 drop table t1;
 End of 4.1 tests
-CREATE DATABASE db1;
-CREATE DATABASE db2;
-USE db2;
-INSERT INTO db2.t1 VALUES (1);
-SELECT * FROM db2.t1;
-b
-1
-RESET QUERY CACHE;
-USE db1;
 SET SESSION keep_files_on_create = TRUE;
 CREATE TABLE t1 (a INT) ENGINE MYISAM;
-Got one of the listed errors
-CREATE TABLE t3 (a INT) Engine=MyISAM;
-INSERT INTO t3 VALUES (1),(2),(3);
-TRUNCATE TABLE t3;
-SELECT * from t3;
-a
-SET SESSION keep_files_on_create = DEFAULT;
-DROP TABLE db2.t1, db1.t3;
-DROP DATABASE db1;
-DROP DATABASE db2;
-USE test;
+ERROR HY000: Can't create/write to file './test/t1.MYD' (Errcode: 17)
+SET SESSION keep_files_on_create = FALSE;
+CREATE TABLE t1 (a INT) ENGINE MYISAM;
+DROP TABLE t1;
 End of 5.0 tests
+CREATE TABLE t1(a INT)
+INDEX DIRECTORY='TEST_DIR/master-data/mysql';
+ERROR HY000: Incorrect arguments to INDEX DIRECORY
+CREATE TABLE t1(a INT)
+DATA DIRECTORY='TEST_DIR/master-data/test';
+ERROR HY000: Incorrect arguments to DATA DIRECORY
+CREATE TABLE t1(a INT)
+DATA DIRECTORY='/home/gluh/MySQL/Bugs/5.1.22167/mysql-test/var/master-data/';
+DROP TABLE t1;
+CREATE TABLE t1(a INT)
+INDEX DIRECTORY='/home/gluh/MySQL/Bugs/5.1.22167/mysql-test/var/master-data';
+DROP TABLE t1;
+CREATE TABLE t1(a INT)
+INDEX DIRECTORY='/home/gluh/MySQL/Bugs/5.1.22167/mysql-test/var/master-data_var';
+ERROR HY000: Can't create/write to file '/home/gluh/MySQL/Bugs/5.1.22167/mysql-test/var/master-data_var/t1.MYI' (Errcode: 2)
diff -Nrup a/mysql-test/t/partition.test b/mysql-test/t/partition.test
--- a/mysql-test/t/partition.test	2007-11-27 22:20:08 +04:00
+++ b/mysql-test/t/partition.test	2007-12-18 16:48:10 +04:00
@@ -1407,8 +1407,8 @@ eval create table t2 (i int )
 partition by range (i)
 (
     partition p01 values less than (1000)
-    data directory="$MYSQLTEST_VARDIR/master-data/test/"
-    index directory="$MYSQLTEST_VARDIR/master-data/test/"
+    data directory="$MYSQLTEST_VARDIR/tmp/"
+    index directory="$MYSQLTEST_VARDIR/tmp/"
 );
 enable_query_log;
 
@@ -1555,5 +1555,43 @@ ALTER TABLE t1 OPTIMIZE PARTITION p1 EXT
 --error 1064
 ALTER TABLE t1 ANALYZE PARTITION p1 EXTENDED;
 DROP TABLE t1;
+
+#
+# Bug#32167: another privilege bypass with DATA/INDEX DIRECTORY
+#
+--replace_result $MYSQLTEST_VARDIR TEST_DIR
+--error 1210
+eval CREATE TABLE t1(a INT)
+PARTITION BY KEY (a)
+(PARTITION p0 DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test');
+--replace_result $MYSQLTEST_VARDIR TEST_DIR
+--error 1210
+eval CREATE TABLE t1(a INT)
+PARTITION BY KEY (a)
+(PARTITION p0 INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test');
+
+--replace_result $MYSQLTEST_VARDIR TEST_DIR
+--error 1210
+eval CREATE TABLE ts (id INT, purchased DATE)
+PARTITION BY RANGE(YEAR(purchased))
+SUBPARTITION BY HASH(TO_DAYS(purchased)) (
+PARTITION p0 VALUES LESS THAN (1990) (
+SUBPARTITION s0a
+  DATA DIRECTORY = '$MYSQLTEST_VARDIR/master-data/test',
+SUBPARTITION s0b
+  DATA DIRECTORY = '$MYSQLTEST_VARDIR/master-data/test'
+));
+
+--replace_result $MYSQLTEST_VARDIR TEST_DIR
+--error 1210
+eval CREATE TABLE ts (id INT, purchased DATE)
+PARTITION BY RANGE(YEAR(purchased))
+SUBPARTITION BY HASH(TO_DAYS(purchased)) (
+PARTITION p0 VALUES LESS THAN (1990) (
+SUBPARTITION s0a
+  INDEX DIRECTORY = '$MYSQLTEST_VARDIR/master-data/test',
+SUBPARTITION s0b
+  INDEX DIRECTORY = '$MYSQLTEST_VARDIR/master-data/test'
+));
 
 --echo End of 5.1 tests
diff -Nrup a/mysql-test/t/partition_not_windows.test b/mysql-test/t/partition_not_windows.test
--- a/mysql-test/t/partition_not_windows.test	2007-04-26 01:54:24 +05:00
+++ b/mysql-test/t/partition_not_windows.test	2007-12-18 16:48:10 +04:00
@@ -12,12 +12,12 @@
 #                       doesn't remove old directory
 
 --disable_query_log
---exec mkdir $MYSQLTEST_VARDIR/master-data/tmpdata || true
-eval SET @data_dir = 'DATA DIRECTORY = ''$MYSQLTEST_VARDIR/master-data/tmpdata''';
+--exec mkdir $MYSQLTEST_VARDIR/tmp/tmpdata || true
+eval SET @data_dir = 'DATA DIRECTORY = ''$MYSQLTEST_VARDIR/tmp/tmpdata''';
 let $data_directory = `select @data_dir`;
 
---exec mkdir $MYSQLTEST_VARDIR/master-data/tmpinx || true
-eval SET @inx_dir = 'INDEX DIRECTORY = ''$MYSQLTEST_VARDIR/master-data/tmpinx''';
+--exec mkdir $MYSQLTEST_VARDIR/tmp/tmpinx || true
+eval SET @inx_dir = 'INDEX DIRECTORY = ''$MYSQLTEST_VARDIR/tmp/tmpinx''';
 let $inx_directory = `select @inx_dir`;
 --enable_query_log
 
@@ -35,10 +35,10 @@ subpartition by hash (a)
 --file_exists $MYSQLTEST_VARDIR/master-data/test/t1#P#p0#SP#subpart00.MYI
 --file_exists $MYSQLTEST_VARDIR/master-data/test/t1#P#p0#SP#subpart01.MYD
 --file_exists $MYSQLTEST_VARDIR/master-data/test/t1#P#p0#SP#subpart01.MYI
---file_exists $MYSQLTEST_VARDIR/master-data/tmpdata/t1#P#p0#SP#subpart00.MYD
---file_exists $MYSQLTEST_VARDIR/master-data/tmpdata/t1#P#p0#SP#subpart01.MYD
---file_exists $MYSQLTEST_VARDIR/master-data/tmpinx/t1#P#p0#SP#subpart00.MYI
---file_exists $MYSQLTEST_VARDIR/master-data/tmpinx/t1#P#p0#SP#subpart01.MYI
+--file_exists $MYSQLTEST_VARDIR/tmp/tmpdata/t1#P#p0#SP#subpart00.MYD
+--file_exists $MYSQLTEST_VARDIR/tmp/tmpdata/t1#P#p0#SP#subpart01.MYD
+--file_exists $MYSQLTEST_VARDIR/tmp/tmpinx/t1#P#p0#SP#subpart00.MYI
+--file_exists $MYSQLTEST_VARDIR/tmp/tmpinx/t1#P#p0#SP#subpart01.MYI
 
 --replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
 eval ALTER TABLE t1 REORGANIZE PARTITION p0 INTO
@@ -58,18 +58,18 @@ eval ALTER TABLE t1 REORGANIZE PARTITION
 --file_exists $MYSQLTEST_VARDIR/master-data/test/t1#P#p2#SP#subpart20.MYI
 --file_exists $MYSQLTEST_VARDIR/master-data/test/t1#P#p2#SP#subpart21.MYD
 --file_exists $MYSQLTEST_VARDIR/master-data/test/t1#P#p2#SP#subpart21.MYI
---file_exists $MYSQLTEST_VARDIR/master-data/tmpdata/t1#P#p1#SP#subpart10.MYD
---file_exists $MYSQLTEST_VARDIR/master-data/tmpdata/t1#P#p1#SP#subpart11.MYD
---file_exists $MYSQLTEST_VARDIR/master-data/tmpdata/t1#P#p2#SP#subpart20.MYD
---file_exists $MYSQLTEST_VARDIR/master-data/tmpdata/t1#P#p2#SP#subpart21.MYD
---file_exists $MYSQLTEST_VARDIR/master-data/tmpinx/t1#P#p1#SP#subpart10.MYI
---file_exists $MYSQLTEST_VARDIR/master-data/tmpinx/t1#P#p1#SP#subpart11.MYI
---file_exists $MYSQLTEST_VARDIR/master-data/tmpinx/t1#P#p2#SP#subpart20.MYI
---file_exists $MYSQLTEST_VARDIR/master-data/tmpinx/t1#P#p2#SP#subpart21.MYI
+--file_exists $MYSQLTEST_VARDIR/tmp/tmpdata/t1#P#p1#SP#subpart10.MYD
+--file_exists $MYSQLTEST_VARDIR/tmp/tmpdata/t1#P#p1#SP#subpart11.MYD
+--file_exists $MYSQLTEST_VARDIR/tmp/tmpdata/t1#P#p2#SP#subpart20.MYD
+--file_exists $MYSQLTEST_VARDIR/tmp/tmpdata/t1#P#p2#SP#subpart21.MYD
+--file_exists $MYSQLTEST_VARDIR/tmp/tmpinx/t1#P#p1#SP#subpart10.MYI
+--file_exists $MYSQLTEST_VARDIR/tmp/tmpinx/t1#P#p1#SP#subpart11.MYI
+--file_exists $MYSQLTEST_VARDIR/tmp/tmpinx/t1#P#p2#SP#subpart20.MYI
+--file_exists $MYSQLTEST_VARDIR/tmp/tmpinx/t1#P#p2#SP#subpart21.MYI
 
 drop table t1;
---exec rmdir $MYSQLTEST_VARDIR/master-data/tmpdata || true
---exec rmdir $MYSQLTEST_VARDIR/master-data/tmpinx || true
+--exec rmdir $MYSQLTEST_VARDIR/tmp/tmpdata || true
+--exec rmdir $MYSQLTEST_VARDIR/tmp/tmpinx || true
 
 # End Windows specific test failures.
 
diff -Nrup a/mysql-test/t/partition_symlink.test b/mysql-test/t/partition_symlink.test
--- a/mysql-test/t/partition_symlink.test	2007-11-13 14:12:51 +04:00
+++ b/mysql-test/t/partition_symlink.test	2007-12-18 16:48:10 +04:00
@@ -24,6 +24,10 @@ DROP DATABASE IF EXISTS mysqltest2;
 # files, but not the other way around (any db-user can use any
 # directory or file that the mysqld-process can use, via DATA/INDEX DIR)
 # this is the security flaw that was used in bug#32091 and bug#32111
+
+--exec mkdir $MYSQLTEST_VARDIR/tmp/test || true
+--exec mkdir $MYSQLTEST_VARDIR/tmp/mysqltest2 || true
+
 -- echo # Creating two non colliding tables mysqltest2.t1 and test.t1
 -- echo # test.t1 have partitions in mysqltest2-directory!
 -- echo # user root:
@@ -39,11 +43,11 @@ connect(con1,localhost,mysqltest_1,,);
   eval CREATE TABLE t1 (a INT)
    PARTITION BY LIST (a) (
     PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp/mysqltest2'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp/mysqltest2',
     PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp/test'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp/test',
     PARTITION p2 VALUES IN (2)
   );
   -- echo # without the patch for bug#32091 this would create
@@ -80,11 +84,11 @@ connection default;
   eval CREATE TABLE t1 (a INT)
    PARTITION BY LIST (a) (
     PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp/mysqltest2'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp/mysqltest2',
     PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp/test'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp/test'
    );
 connection con1;
 -- echo # user mysqltest_1:
@@ -94,22 +98,21 @@ connection con1;
   eval CREATE TABLE t1 (a INT)
    PARTITION BY LIST (a) (
     PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp/mysqltest2'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp/mysqltest2',
     PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp/test'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp/test'
    );
   -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
-  -- error 1,1
   eval CREATE TABLE t1 (a INT)
    PARTITION BY LIST (a) (
     PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp/test'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp/test',
     PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp/mysqltest2'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp/mysqltest2'
   );
 connection default;
 -- echo # user root (cleanup):
@@ -118,4 +121,5 @@ connection default;
   DROP USER mysqltest_1@localhost;
   disconnect con1;
 
-
+--exec rmdir $MYSQLTEST_VARDIR/tmp/test || true
+--exec rmdir $MYSQLTEST_VARDIR/tmp/mysqltest2 || true
diff -Nrup a/mysql-test/t/symlink.test b/mysql-test/t/symlink.test
--- a/mysql-test/t/symlink.test	2007-11-12 21:55:50 +04:00
+++ b/mysql-test/t/symlink.test	2007-12-18 16:48:10 +04:00
@@ -123,29 +123,23 @@ drop table t1;
 #
 # BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
 #
+--write_file $MYSQLTEST_VARDIR/tmp/t1.MYI
+EOF
 --replace_result $MYSQLTEST_VARDIR TEST_DIR
+--error 1
 eval CREATE TABLE t1(a INT)
-DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql'
-INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql';
+DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp'
+INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp';
+--replace_result $MYSQLTEST_VARDIR TEST_DIR
+eval CREATE TABLE t2(a INT)
+DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp'
+INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp';
 --replace_result $MYSQLTEST_VARDIR TEST_DIR
 --error 1
-RENAME TABLE t1 TO user;
-DROP TABLE t1;
-
-#
-# Test specifying DATA DIRECTORY that is the same as what would normally
-# have been chosen. (Bug #8707)
-#
-disable_query_log;
-eval create table t1 (i int) data directory = "$MYSQLTEST_VARDIR/master-data/test/";
-enable_query_log;
-show create table t1;
-drop table t1;
-disable_query_log;
-eval create table t1 (i int) index directory = "$MYSQLTEST_VARDIR/master-data/test/";
-enable_query_log;
-show create table t1;
-drop table t1;
+RENAME TABLE t2 TO t1;
+DROP TABLE t2;
+--error 0,1
+--remove_file $MYSQLTEST_VARDIR/tmp/t1.MYI
 
 #
 # Bug#8706 - temporary table with data directory option fails
@@ -189,40 +183,38 @@ drop table t1;
 #
 # Bug #29325: create table overwrites .MYD file of other table (datadir)
 #
-
-CREATE DATABASE db1; 
-CREATE DATABASE db2;
-
-USE db2;
---disable_query_log
-eval CREATE TABLE t1 (b INT) ENGINE MYISAM
-DATA DIRECTORY = '$MYSQLTEST_VARDIR/master-data/db1/';
---enable_query_log
-
-INSERT INTO db2.t1 VALUES (1);
-SELECT * FROM db2.t1;
-RESET QUERY CACHE;
-
-USE db1;
-
-#no warning from create table
 SET SESSION keep_files_on_create = TRUE;
+--write_file $MYSQLTEST_VARDIR/master-data/test/t1.MYD
+EOF
 --disable_abort_on_error
---error 1,1
+--error 1
 CREATE TABLE t1 (a INT) ENGINE MYISAM;
+--error 0,1
+--remove_file $MYSQLTEST_VARDIR/master-data/test/t1.MYD;
 --enable_abort_on_error
-
-CREATE TABLE t3 (a INT) Engine=MyISAM;
-INSERT INTO t3 VALUES (1),(2),(3);
-TRUNCATE TABLE t3;
-SELECT * from t3;
-
-SET SESSION keep_files_on_create = DEFAULT;
-
-DROP TABLE db2.t1, db1.t3;
-DROP DATABASE db1;
-DROP DATABASE db2;
-USE test;
-
+SET SESSION keep_files_on_create = FALSE;
+CREATE TABLE t1 (a INT) ENGINE MYISAM;
+DROP TABLE t1;
 
 --echo End of 5.0 tests
+
+#
+# Bug#32167: another privilege bypass with DATA/INDEX DIRECTORY
+#
+--replace_result $MYSQLTEST_VARDIR TEST_DIR
+--error 1210
+eval CREATE TABLE t1(a INT)
+INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql';
+--replace_result $MYSQLTEST_VARDIR TEST_DIR
+--error 1210
+eval CREATE TABLE t1(a INT)
+DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/test';
+eval CREATE TABLE t1(a INT)
+DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/';
+DROP TABLE t1;
+eval CREATE TABLE t1(a INT)
+INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data';
+DROP TABLE t1;
+--error 1
+eval CREATE TABLE t1(a INT)
+INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data_var';
diff -Nrup a/sql/mysql_priv.h b/sql/mysql_priv.h
--- a/sql/mysql_priv.h	2007-11-29 15:42:23 +04:00
+++ b/sql/mysql_priv.h	2007-12-18 16:48:10 +04:00
@@ -709,6 +709,7 @@ bool check_string_byte_length(LEX_STRING
 bool check_string_char_length(LEX_STRING *str, const char *err_msg,
                               uint max_char_length, CHARSET_INFO *cs,
                               bool no_error);
+bool test_if_data_home_dir(const char *dir);
 
 bool parse_sql(THD *thd,
                class Lex_input_stream *lip,
@@ -1733,7 +1734,8 @@ extern time_t server_start_time;
 #if defined MYSQL_SERVER || defined INNODB_COMPATIBILITY_HOOKS
 extern uint mysql_data_home_len;
 extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
-            mysql_real_data_home[];
+            mysql_real_data_home[], mysql_unpacked_real_data_home[];
+extern CHARSET_INFO *character_set_filesystem;
 #endif /* MYSQL_SERVER || INNODB_COMPATIBILITY_HOOKS */
 #ifdef MYSQL_SERVER
 extern char *opt_mysql_tmpdir, mysql_charsets_dir[],
diff -Nrup a/sql/mysqld.cc b/sql/mysqld.cc
--- a/sql/mysqld.cc	2007-11-28 20:08:25 +04:00
+++ b/sql/mysqld.cc	2007-12-18 16:48:10 +04:00
@@ -489,6 +489,7 @@ char mysql_real_data_home[FN_REFLEN],
      language[FN_REFLEN], reg_ext[FN_EXTLEN], mysql_charsets_dir[FN_REFLEN],
      *opt_init_file, *opt_tc_log_file,
      def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
+char mysql_unpacked_real_data_home[FN_REFLEN];
 uint reg_ext_length;
 const key_map key_map_empty(0);
 key_map key_map_full(0);                        // Will be initialized later
@@ -8003,6 +8004,9 @@ static void fix_paths(void)
     pos[1]= 0;
   }
   convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
+  (void) fn_format(buff, mysql_real_data_home, "", "",
+                   (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
+  (void) unpack_dirname(mysql_unpacked_real_data_home, buff);
   convert_dirname(language,language,NullS);
   (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
   (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
diff -Nrup a/sql/partition_info.cc b/sql/partition_info.cc
--- a/sql/partition_info.cc	2007-08-13 18:11:12 +05:00
+++ b/sql/partition_info.cc	2007-12-18 16:48:10 +04:00
@@ -1040,4 +1040,60 @@ error:
   mem_alloc_error(size);
   DBUG_RETURN(TRUE);
 }
+
+
+/*
+  Check if path does not contain mysql data home directory
+  for partition elements with data directory and index directory
+
+  SYNOPSIS
+    check_partition_dirs()
+    part_info               partition_info struct 
+
+  RETURN VALUES
+    0	ok
+    1	error  
+*/
+
+bool check_partition_dirs(partition_info *part_info)
+{
+  if (!part_info)
+    return 0;
+
+  partition_element *part_elem;
+  List_iterator<partition_element> part_it(part_info->partitions);
+  while ((part_elem= part_it++))
+  {
+    if (part_elem->subpartitions.elements)
+    {
+      List_iterator<partition_element> sub_it(part_elem->subpartitions);
+      partition_element *subpart_elem;
+      while ((subpart_elem= sub_it++))
+      {
+        if (test_if_data_home_dir(subpart_elem->data_file_name))
+          goto dd_err;
+        if (test_if_data_home_dir(subpart_elem->index_file_name))
+          goto id_err;
+      }
+    }
+    else
+    {
+      if (test_if_data_home_dir(part_elem->data_file_name))
+        goto dd_err;
+      if (test_if_data_home_dir(part_elem->index_file_name))
+        goto id_err;
+    }
+  }
+  return 0;
+
+dd_err:
+  my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
+  return 1;
+
+id_err:
+  my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
+  return 1;
+}
+
+
 #endif /* WITH_PARTITION_STORAGE_ENGINE */
diff -Nrup a/sql/partition_info.h b/sql/partition_info.h
--- a/sql/partition_info.h	2007-09-14 15:17:40 +05:00
+++ b/sql/partition_info.h	2007-12-18 16:48:10 +04:00
@@ -290,6 +290,7 @@ private:
 };
 
 uint32 get_next_partition_id_range(struct st_partition_iter* part_iter);
+bool check_partition_dirs(partition_info *part_info);
 
 /* Initialize the iterator to return a single partition with given part_id */
 
diff -Nrup a/sql/sql_parse.cc b/sql/sql_parse.cc
--- a/sql/sql_parse.cc	2007-11-30 17:12:18 +04:00
+++ b/sql/sql_parse.cc	2007-12-18 16:48:10 +04:00
@@ -2241,6 +2241,28 @@ mysql_execute_command(THD *thd)
                    "INDEX DIRECTORY option ignored");
     create_info.data_file_name= create_info.index_file_name= NULL;
 #else
+
+    if (test_if_data_home_dir(lex->create_info.data_file_name))
+    {
+      my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
+      res= -1;
+      break;
+    }
+    if (test_if_data_home_dir(lex->create_info.index_file_name))
+    {
+      my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
+      res= -1;
+      break;
+    }
+
+#ifdef WITH_PARTITION_STORAGE_ENGINE
+    if (check_partition_dirs(thd->lex->part_info))
+    {
+      res= -1;
+      break;
+    }
+#endif
+
     /* Fix names if symlinked tables */
     if (append_file_to_dir(thd, &create_info.data_file_name,
 			   create_table->table_name) ||
@@ -7274,6 +7296,49 @@ bool check_string_char_length(LEX_STRING
   if (!no_error)
     my_error(ER_WRONG_STRING_LENGTH, MYF(0), str->str, err_msg, max_char_length);
   return TRUE;
+}
+
+
+/*
+  Check if path does not contain mysql data home directory
+  SYNOPSIS
+    test_if_data_home_dir()
+    dir                     directory
+    conv_home_dir           converted data home directory
+    home_dir_len            converted data home directory length
+
+  RETURN VALUES
+    0	ok
+    1	error  
+*/
+
+bool test_if_data_home_dir(const char *dir)
+{
+  char path[FN_REFLEN], conv_path[FN_REFLEN];
+  uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home);
+  DBUG_ENTER("test_if_data_home_dir");
+
+  if (!dir)
+    DBUG_RETURN(0);
+
+  (void) fn_format(path, dir, "", "",
+                   (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
+  dir_len= unpack_dirname(conv_path, dir);
+
+  if (home_dir_len < dir_len)
+  {
+    if (lower_case_file_system)
+    {
+      if (!my_strnncoll(character_set_filesystem,
+                        (const uchar*) conv_path, home_dir_len,
+                        (const uchar*) mysql_unpacked_real_data_home,
+                        home_dir_len))
+        DBUG_RETURN(1);
+    }
+    else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len))
+      DBUG_RETURN(1);
+  }
+  DBUG_RETURN(0);
 }
 
 
Thread
bk commit into 5.1 tree (gluh:1.2679) BUG#32167gluh18 Dec
  • Re: bk commit into 5.1 tree (gluh:1.2679) BUG#32167Sergei Golubchik27 Dec