Hi!
On Dec 18, gluh@stripped wrote:
> ChangeSet@stripped, 2007-12-18 16:48:12+04:00, gluh@stripped +13 -0
> Bug#32167 another privilege bypass with DATA/INDEX DIRECORY(2nd version for 5.1)
> Added a new function, test_if_data_home_dir(), which checks that
> the path does not contain the MySQL data home directory.
> Use of 'mysql data home'/'any db name' in
> DATA DIRECTORY and INDEX DIRECTORY is disallowed.
Basically ok.
The code is good, see a couple of questions/comments about test cases
below.
> diff -Nrup a/mysql-test/t/partition_not_windows.test
> b/mysql-test/t/partition_not_windows.test
> --- a/mysql-test/t/partition_not_windows.test 2007-04-26 01:54:24 +05:00
> +++ b/mysql-test/t/partition_not_windows.test 2007-12-18 16:48:10 +04:00
> @@ -12,12 +12,12 @@
> # doesn't remove old directory
>
> --disable_query_log
> ---exec mkdir $MYSQLTEST_VARDIR/master-data/tmpdata || true
> -eval SET @data_dir = 'DATA DIRECTORY = ''$MYSQLTEST_VARDIR/master-data/tmpdata''';
> +--exec mkdir $MYSQLTEST_VARDIR/tmp/tmpdata || true
> +eval SET @data_dir = 'DATA DIRECTORY = ''$MYSQLTEST_VARDIR/tmp/tmpdata''';
> let $data_directory = `select @data_dir`;
eh, --exec in test files is discouraged. This test doesn't really need
tmpdata and tmpinx subdirectories, does it ? It could create everything
in tmp/.
Please remove mkdir/rmdir and tmpdata/tmpinx here.
> ---exec mkdir $MYSQLTEST_VARDIR/master-data/tmpinx || true
> -eval SET @inx_dir = 'INDEX DIRECTORY = ''$MYSQLTEST_VARDIR/master-data/tmpinx''';
> +--exec mkdir $MYSQLTEST_VARDIR/tmp/tmpinx || true
> +eval SET @inx_dir = 'INDEX DIRECTORY = ''$MYSQLTEST_VARDIR/tmp/tmpinx''';
> let $inx_directory = `select @inx_dir`;
> --enable_query_log
>
> @@ -35,10 +35,10 @@ subpartition by hash (a)
> --file_exists $MYSQLTEST_VARDIR/master-data/test/t1#P#p0#SP#subpart00.MYI
> --file_exists $MYSQLTEST_VARDIR/master-data/test/t1#P#p0#SP#subpart01.MYD
> --file_exists $MYSQLTEST_VARDIR/master-data/test/t1#P#p0#SP#subpart01.MYI
> ---file_exists $MYSQLTEST_VARDIR/master-data/tmpdata/t1#P#p0#SP#subpart00.MYD
> ---file_exists $MYSQLTEST_VARDIR/master-data/tmpdata/t1#P#p0#SP#subpart01.MYD
> ---file_exists $MYSQLTEST_VARDIR/master-data/tmpinx/t1#P#p0#SP#subpart00.MYI
> ---file_exists $MYSQLTEST_VARDIR/master-data/tmpinx/t1#P#p0#SP#subpart01.MYI
> +--file_exists $MYSQLTEST_VARDIR/tmp/tmpdata/t1#P#p0#SP#subpart00.MYD
> +--file_exists $MYSQLTEST_VARDIR/tmp/tmpdata/t1#P#p0#SP#subpart01.MYD
> +--file_exists $MYSQLTEST_VARDIR/tmp/tmpinx/t1#P#p0#SP#subpart00.MYI
> +--file_exists $MYSQLTEST_VARDIR/tmp/tmpinx/t1#P#p0#SP#subpart01.MYI
>
> --replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
> eval ALTER TABLE t1 REORGANIZE PARTITION p0 INTO
> @@ -58,18 +58,18 @@ eval ALTER TABLE t1 REORGANIZE PARTITION
> --file_exists $MYSQLTEST_VARDIR/master-data/test/t1#P#p2#SP#subpart20.MYI
> --file_exists $MYSQLTEST_VARDIR/master-data/test/t1#P#p2#SP#subpart21.MYD
> --file_exists $MYSQLTEST_VARDIR/master-data/test/t1#P#p2#SP#subpart21.MYI
> ---file_exists $MYSQLTEST_VARDIR/master-data/tmpdata/t1#P#p1#SP#subpart10.MYD
> ---file_exists $MYSQLTEST_VARDIR/master-data/tmpdata/t1#P#p1#SP#subpart11.MYD
> ---file_exists $MYSQLTEST_VARDIR/master-data/tmpdata/t1#P#p2#SP#subpart20.MYD
> ---file_exists $MYSQLTEST_VARDIR/master-data/tmpdata/t1#P#p2#SP#subpart21.MYD
> ---file_exists $MYSQLTEST_VARDIR/master-data/tmpinx/t1#P#p1#SP#subpart10.MYI
> ---file_exists $MYSQLTEST_VARDIR/master-data/tmpinx/t1#P#p1#SP#subpart11.MYI
> ---file_exists $MYSQLTEST_VARDIR/master-data/tmpinx/t1#P#p2#SP#subpart20.MYI
> ---file_exists $MYSQLTEST_VARDIR/master-data/tmpinx/t1#P#p2#SP#subpart21.MYI
> +--file_exists $MYSQLTEST_VARDIR/tmp/tmpdata/t1#P#p1#SP#subpart10.MYD
> +--file_exists $MYSQLTEST_VARDIR/tmp/tmpdata/t1#P#p1#SP#subpart11.MYD
> +--file_exists $MYSQLTEST_VARDIR/tmp/tmpdata/t1#P#p2#SP#subpart20.MYD
> +--file_exists $MYSQLTEST_VARDIR/tmp/tmpdata/t1#P#p2#SP#subpart21.MYD
> +--file_exists $MYSQLTEST_VARDIR/tmp/tmpinx/t1#P#p1#SP#subpart10.MYI
> +--file_exists $MYSQLTEST_VARDIR/tmp/tmpinx/t1#P#p1#SP#subpart11.MYI
> +--file_exists $MYSQLTEST_VARDIR/tmp/tmpinx/t1#P#p2#SP#subpart20.MYI
> +--file_exists $MYSQLTEST_VARDIR/tmp/tmpinx/t1#P#p2#SP#subpart21.MYI
>
> drop table t1;
> ---exec rmdir $MYSQLTEST_VARDIR/master-data/tmpdata || true
> ---exec rmdir $MYSQLTEST_VARDIR/master-data/tmpinx || true
> +--exec rmdir $MYSQLTEST_VARDIR/tmp/tmpdata || true
> +--exec rmdir $MYSQLTEST_VARDIR/tmp/tmpinx || true
>
> # End Windows specific test failures.
>
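Review bot: With the scratch directories moved to `$MYSQLTEST_VARDIR/tmp/`, no visible line in this file still points a DATA DIRECTORY or INDEX DIRECTORY under `master-data/`, which is the case the changeset now disallows. The negative case may be covered in a part of the changeset that is not quoted here, since partition_symlink.test is only partly shown. If it is not, add one partitioned CREATE TABLE whose `DATA DIRECTORY` is `$MYSQLTEST_VARDIR/master-data/test` and assert with `--error` that it is refused, so that test_if_data_home_dir() has a regression test on the partition path too. The first hunk of this file is affected in the same way.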
> diff -Nrup a/mysql-test/t/partition_symlink.test
> b/mysql-test/t/partition_symlink.test
> --- a/mysql-test/t/partition_symlink.test 2007-11-13 14:12:51 +04:00
> +++ b/mysql-test/t/partition_symlink.test 2007-12-18 16:48:10 +04:00
> @@ -24,6 +24,10 @@ DROP DATABASE IF EXISTS mysqltest2;
> # files, but not the other way around (any db-user can use any
> # directory or file that the mysqld-process can use, via DATA/INDEX DIR)
> # this is the security flaw that was used in bug#32091 and bug#32111
> +
> +--exec mkdir $MYSQLTEST_VARDIR/tmp/test || true
> +--exec mkdir $MYSQLTEST_VARDIR/tmp/mysqltest2 || true
same here. the test doesn't need different subdirectories, remove
mkdir/rmdir and do everything in tmp/
> -- echo # Creating two non colliding tables mysqltest2.t1 and test.t1
> -- echo # test.t1 have partitions in mysqltest2-directory!
> diff -Nrup a/mysql-test/t/symlink.test b/mysql-test/t/symlink.test
> --- a/mysql-test/t/symlink.test 2007-11-12 21:55:50 +04:00
> +++ b/mysql-test/t/symlink.test 2007-12-18 16:48:10 +04:00
> @@ -123,29 +123,23 @@ drop table t1;
> #
> # BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
> #
> +--write_file $MYSQLTEST_VARDIR/tmp/t1.MYI
> +EOF
> --replace_result $MYSQLTEST_VARDIR TEST_DIR
> +--error 1
> eval CREATE TABLE t1(a INT)
> +DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp'
> +INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp';
> +--replace_result $MYSQLTEST_VARDIR TEST_DIR
> +eval CREATE TABLE t2(a INT)
> +DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp'
> +INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp';
> --replace_result $MYSQLTEST_VARDIR TEST_DIR
> --error 1
> +RENAME TABLE t2 TO t1;
> +DROP TABLE t2;
> +--error 0,1
> +--remove_file $MYSQLTEST_VARDIR/tmp/t1.MYI
good test. but why error 0,1 ?
> #
> # Bug#8706 - temporary table with data directory option fails
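Review bot: The pre-created `$MYSQLTEST_VARDIR/tmp/t1.MYI` is written empty (`--write_file` followed directly by `EOF`), so the test shows that `CREATE TABLE t1` and `RENAME TABLE t2 TO t1` fail but not that the existing file is left untouched. For a test guarding BUG#32111, put a marker line such as `existing file, must not be overwritten` before `EOF`, and print it back with `--cat_file $MYSQLTEST_VARDIR/tmp/t1.MYI` after the failed RENAME, so truncation or replacement would show up in the result file. A short comment above each `--error 1` naming the collision it expects, for example `# t1.MYI already exists in tmp/, CREATE must fail without touching it`, would make the intent readable. The quoted hunk omits the removed lines, so this is based on the new side only.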
Regards / Mit vielen Grüssen,
Sergei
--
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <serg@stripped>
/ /|_/ / // /\ \/ /_/ / /__ Principal Software Developer
/_/ /_/\_, /___/\___\_\___/ MySQL GmbH, Dachauer Str. 37, D-80335 München
<___/ Geschäftsführer: Kaj Arnö - HRB
München 162140