#At file:///C:/source/bzr/mysql-6.0-bug-39581/ based on revid:hema@stripped
2758 Chuck Bell 2009-02-05
BUG#39581 : BACKUP file restrictions should be decoupled from FILE file restrictions
This patch creeates a new --secure-backup-file-priv startup option and
secure_backup_file_priv read only variable. This replaces the original
use of the --secure-file-priv and associated variable. This change was
needed to prevent exploitation of a security vulnerability by giving too
much access to backup and restore. The new --secure-backup-file-priv
allows administrators to restrict backup and restore to/from a specific
directory.
Attention: This patch contains three file moves. To apply this patch
you must first execute the following commands from the tree root:
bzr mv ./mysql-test/suite/backup/t/backup_securefilepriv.test ./mysql-test/suite/backup/t/backup_securebackup.test
bzr mv ./mysql-test/suite/backup/r/backup_securefilepriv.result ./mysql-test/suite/backup/r/backup_securebackup.result
bzr mv ./mysql-test/suite/backup/t/backup_securefilepriv-master.opt ./mysql-test/suite/backup/t/backup_securebackup-master.opt
renamed:
mysql-test/suite/backup/r/backup_securefilepriv.result => mysql-test/suite/backup/r/backup_securebackup.result
mysql-test/suite/backup/t/backup_securefilepriv-master.opt => mysql-test/suite/backup/t/backup_securebackup-master.opt
mysql-test/suite/backup/t/backup_securefilepriv.test => mysql-test/suite/backup/t/backup_securebackup.test
modified:
mysql-test/lib/mtr_report.pl
sql/backup/kernel.cc
sql/backup/stream.cc
sql/mysql_priv.h
sql/mysqld.cc
sql/set_var.cc
mysql-test/suite/backup/r/backup_securebackup.result
mysql-test/suite/backup/t/backup_securebackup-master.opt
mysql-test/suite/backup/t/backup_securebackup.test
per-file messages:
mysql-test/lib/mtr_report.pl
Changed report warning override due to change in test name.
mysql-test/suite/backup/r/backup_securebackup.result
Corrected result file.
mysql-test/suite/backup/t/backup_securebackup-master.opt
Added new --secure-backup-file-priv option.
mysql-test/suite/backup/t/backup_securebackup.test
Renamed test.
Changed test to use new option.
Added tests to ensure no cross over with --secure-file-priv.
sql/backup/kernel.cc
Changed code to use the new secure-backup-file-priv option.
sql/backup/stream.cc
Changed code to use the new secure-backup-file-priv option.
sql/mysql_priv.h
Added definition for secure-backup-file-priv option.
sql/mysqld.cc
Added definition, creation, and destruction for new secure-backup-file-priv option.
sql/set_var.cc
Added a new option system variable (read only) for secure-backup-file-priv.
=== modified file 'mysql-test/lib/mtr_report.pl'
--- a/mysql-test/lib/mtr_report.pl 2009-01-29 10:42:21 +0000
+++ b/mysql-test/lib/mtr_report.pl 2009-02-05 20:49:07 +0000
@@ -382,8 +382,8 @@ sub mtr_report_stats ($) {
/Restore: Tablespace .* needed by tables being restored, but the current/
) or
- # The backup_securefilepriv test triggers error below on purpose
- ($testname eq 'backup.backup_securefilepriv') and
+ # The backup_securebackup test triggers error below on purpose
+ ($testname eq 'backup.backup_securebackup') and
(
/Backup: The MySQL server is running with the /
) or
=== renamed file 'mysql-test/suite/backup/r/backup_securefilepriv.result' => 'mysql-test/suite/backup/r/backup_securebackup.result'
--- a/mysql-test/suite/backup/r/backup_securefilepriv.result 2008-10-07 17:15:44 +0000
+++ b/mysql-test/suite/backup/r/backup_securebackup.result 2009-02-05 20:49:07 +0000
@@ -8,51 +8,67 @@ INSERT INTO mysqltest.t1 VALUES (1),(2),
Starting tests
-Backup to path specified by --secure-file-priv option
-(MYSQLTEST_VARDIR/master-data/securefilepriv_path)
-BACKUP DATABASE mysqltest TO 'securefilepriv_path/bup_sfp1.bak';
+Backup to path specified by --secure-backup-file-priv option
+(MYSQLTEST_VARDIR/master-data/securebackup_path)
+BACKUP DATABASE mysqltest TO 'securebackup_path/bup_sfp1.bak';
backup_id
#
Ensure backup image file went to the correct location
-Backup to subpath of path specified by --secure-file-priv option
-(MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath)
-BACKUP DATABASE mysqltest TO 'securefilepriv_path/subpath/bup_sfp2.bak';
+Backup to subpath of path specified by --secure-backup-file-priv option
+(MYSQLTEST_VARDIR/master-data/securebackup_path/subpath)
+BACKUP DATABASE mysqltest TO 'securebackup_path/subpath/bup_sfp2.bak';
backup_id
#
Ensure backup image file went to the correct location
-Change backupdir to securefilepriv_path/subpath
-(MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath)
-SET @@global.backupdir = 'securefilepriv_path/subpath';
+Change backupdir to securebackup_path/subpath
+(MYSQLTEST_VARDIR/master-data/securebackup_path/subpath)
+SET @@global.backupdir = 'securebackup_path/subpath';
-Backup to subpath of path specified by --secure-file-priv option,
+Backup to subpath of path specified by --secure-backup-file-priv option,
no dir in backup file name
-(MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath)
+(MYSQLTEST_VARDIR/master-data/securebackup_path/subpath)
BACKUP DATABASE mysqltest TO 'bup_sfp3.bak';
backup_id
#
Ensure backup image file went to the correct location
-Backup to path specified by --secure-file-priv,
+Backup to path specified by --secure-backup-file-priv,
relative path in backup file name
-(MYSQLTEST_VARDIR/master-data/securefilepriv_path)
+(MYSQLTEST_VARDIR/master-data/securebackup_path)
BACKUP DATABASE mysqltest TO '../bup_sfp4.bak';
backup_id
#
Ensure backup image file went to the correct location
-Backup to relative path outside path specified by --secure-file-priv
+Backup to relative path outside path specified by --secure-backup-file-priv
option should fail
BACKUP DATABASE mysqltest TO '../../bup_sfp_fail1.bak';
-ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+ERROR HY000: The MySQL server is running with the --secure-backup-file-priv option so it cannot execute this statement
Reset backupdir to MYSQLTEST_VARDIR/master-data/
SET @@global.backupdir = @@global.datadir;
-Backup to other path than specified by --secure-file-priv should fail
+Backup to other path than specified by --secure-backup-file-priv should fail
BACKUP DATABASE mysqltest TO 'bup_sfp_fail2.bak';
-ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+ERROR HY000: The MySQL server is running with the --secure-backup-file-priv option so it cannot execute this statement
+(MYSQLTEST_VARDIR/master-data/securefilepriv_path)
+BACKUP DATABASE mysqltest TO 'securefilepriv_path/bup_sfp5.bak';
+ERROR HY000: The MySQL server is running with the --secure-backup-file-priv option so it cannot execute this statement
+(MYSQLTEST_VARDIR/master-data/securefilepriv_path)
+RESTORE FROM 'securefilepriv_path/bup_sfp5.bak';
+ERROR HY000: The MySQL server is running with the --secure-backup-file-priv option so it cannot execute this statement
+
+Change backupdir to securebackup_path/subpath
+(MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath)
+SET @@global.backupdir = 'securefilepriv_path/subpath';
+(MYSQLTEST_VARDIR/master-data/securefilepriv_path)
+BACKUP DATABASE mysqltest TO 'securefilepriv_path/bup_sfp5.bak';
+ERROR HY000: The MySQL server is running with the --secure-backup-file-priv option so it cannot execute this statement
+(MYSQLTEST_VARDIR/master-data/securefilepriv_path)
+RESTORE FROM 'securefilepriv_path/bup_sfp1.bak';
+ERROR HY000: The MySQL server is running with the --secure-backup-file-priv option so it cannot execute this statement
Cleanup
=== renamed file 'mysql-test/suite/backup/t/backup_securefilepriv-master.opt' => 'mysql-test/suite/backup/t/backup_securebackup-master.opt'
--- a/mysql-test/suite/backup/t/backup_securefilepriv-master.opt 2008-10-07 17:15:44 +0000
+++ b/mysql-test/suite/backup/t/backup_securebackup-master.opt 2009-02-05 20:49:07 +0000
@@ -1 +1,2 @@
+--secure-backup-file-priv=$MYSQLTEST_VARDIR/master-data/securebackup_path
--secure-file-priv=$MYSQLTEST_VARDIR/master-data/securefilepriv_path
=== renamed file 'mysql-test/suite/backup/t/backup_securefilepriv.test' => 'mysql-test/suite/backup/t/backup_securebackup.test'
--- a/mysql-test/suite/backup/t/backup_securefilepriv.test 2008-10-07 17:15:44 +0000
+++ b/mysql-test/suite/backup/t/backup_securebackup.test 2009-02-05 20:49:07 +0000
@@ -1,11 +1,12 @@
#
# Purpose: Backup images should only be allowed to be written to the
-# path specified by --secure-file-priv option or a sub-path of it.
+# path specified by --secure-backup-file-priv option or a sub-path of it.
#
-# See backup_securefilepriv-master.opt for --secure-file-priv command line option
+# See backup_securefilepriv-master.opt for --secure-backup-file-priv command line option
#
-# backupdir is MYSQLTEST_VARDIR/master-data/
-# secure-file-priv is MYSQLTEST_VARDIR/master-data/securefilepriv_path/
+# backupdir is MYSQLTEST_VARDIR/master-data/
+# secure-file-priv is MYSQLTEST_VARDIR/master-data/securefilepriv_path/
+# secure-backupfile-priv is MYSQLTEST_VARDIR/master-data/securebackup_path/
--source include/not_embedded.inc
@@ -14,11 +15,17 @@
--error 0,1
rmdir $MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath;
--error 0,1
+rmdir $MYSQLTEST_VARDIR/master-data/securebackup_path/subpath;
+--error 0,1
rmdir $MYSQLTEST_VARDIR/master-data/securefilepriv_path;
+--error 0,1
+rmdir $MYSQLTEST_VARDIR/master-data/securebackup_path;
--echo Create directories for backup images
mkdir $MYSQLTEST_VARDIR/master-data/securefilepriv_path;
mkdir $MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath;
+mkdir $MYSQLTEST_VARDIR/master-data/securebackup_path;
+mkdir $MYSQLTEST_VARDIR/master-data/securebackup_path/subpath;
--echo Creating database and populating tables
@@ -36,64 +43,64 @@ INSERT INTO mysqltest.t1 VALUES (1),(2),
--echo Starting tests
--echo
---echo Backup to path specified by --secure-file-priv option
---echo (MYSQLTEST_VARDIR/master-data/securefilepriv_path)
+--echo Backup to path specified by --secure-backup-file-priv option
+--echo (MYSQLTEST_VARDIR/master-data/securebackup_path)
--replace_column 1 #
-BACKUP DATABASE mysqltest TO 'securefilepriv_path/bup_sfp1.bak';
+BACKUP DATABASE mysqltest TO 'securebackup_path/bup_sfp1.bak';
--echo Ensure backup image file went to the correct location
---file_exists $MYSQLTEST_VARDIR/master-data/securefilepriv_path/bup_sfp1.bak
+--file_exists $MYSQLTEST_VARDIR/master-data/securebackup_path/bup_sfp1.bak
--error 0,1
---remove_file $MYSQLTEST_VARDIR/master-data/securefilepriv_path/bup_sfp1.bak
+--remove_file $MYSQLTEST_VARDIR/master-data/securebackup_path/bup_sfp1.bak
--echo
---echo Backup to subpath of path specified by --secure-file-priv option
---echo (MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath)
+--echo Backup to subpath of path specified by --secure-backup-file-priv option
+--echo (MYSQLTEST_VARDIR/master-data/securebackup_path/subpath)
--replace_column 1 #
-BACKUP DATABASE mysqltest TO 'securefilepriv_path/subpath/bup_sfp2.bak';
+BACKUP DATABASE mysqltest TO 'securebackup_path/subpath/bup_sfp2.bak';
--echo Ensure backup image file went to the correct location
---file_exists $MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath/bup_sfp2.bak
+--file_exists $MYSQLTEST_VARDIR/master-data/securebackup_path/subpath/bup_sfp2.bak
--error 0,1
---remove_file $MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath/bup_sfp2.bak
+--remove_file $MYSQLTEST_VARDIR/master-data/securebackup_path/subpath/bup_sfp2.bak
--echo
---echo Change backupdir to securefilepriv_path/subpath
---echo (MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath)
-SET @@global.backupdir = 'securefilepriv_path/subpath';
+--echo Change backupdir to securebackup_path/subpath
+--echo (MYSQLTEST_VARDIR/master-data/securebackup_path/subpath)
+SET @@global.backupdir = 'securebackup_path/subpath';
--echo
---echo Backup to subpath of path specified by --secure-file-priv option,
+--echo Backup to subpath of path specified by --secure-backup-file-priv option,
--echo no dir in backup file name
---echo (MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath)
+--echo (MYSQLTEST_VARDIR/master-data/securebackup_path/subpath)
--replace_column 1 #
BACKUP DATABASE mysqltest TO 'bup_sfp3.bak';
--echo Ensure backup image file went to the correct location
---file_exists $MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath/bup_sfp3.bak
+--file_exists $MYSQLTEST_VARDIR/master-data/securebackup_path/subpath/bup_sfp3.bak
--error 0,1
---remove_file $MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath/bup_sfp3.bak
+--remove_file $MYSQLTEST_VARDIR/master-data/securebackup_path/subpath/bup_sfp3.bak
--echo
---echo Backup to path specified by --secure-file-priv,
+--echo Backup to path specified by --secure-backup-file-priv,
--echo relative path in backup file name
---echo (MYSQLTEST_VARDIR/master-data/securefilepriv_path)
+--echo (MYSQLTEST_VARDIR/master-data/securebackup_path)
--replace_column 1 #
BACKUP DATABASE mysqltest TO '../bup_sfp4.bak';
--echo Ensure backup image file went to the correct location
---file_exists $MYSQLTEST_VARDIR/master-data/securefilepriv_path/bup_sfp4.bak
+--file_exists $MYSQLTEST_VARDIR/master-data/securebackup_path/bup_sfp4.bak
--error 0,1
---remove_file $MYSQLTEST_VARDIR/master-data/securefilepriv_path/bup_sfp4.bak
+--remove_file $MYSQLTEST_VARDIR/master-data/securebackup_path/bup_sfp4.bak
# Tests that fail
--echo
---echo Backup to relative path outside path specified by --secure-file-priv
+--echo Backup to relative path outside path specified by --secure-backup-file-priv
--echo option should fail
--error ER_OPTION_PREVENTS_STATEMENT
BACKUP DATABASE mysqltest TO '../../bup_sfp_fail1.bak';
@@ -103,10 +110,56 @@ BACKUP DATABASE mysqltest TO '../../bup_
SET @@global.backupdir = @@global.datadir;
--echo
---echo Backup to other path than specified by --secure-file-priv should fail
+--echo Backup to other path than specified by --secure-backup-file-priv should fail
--error ER_OPTION_PREVENTS_STATEMENT
BACKUP DATABASE mysqltest TO 'bup_sfp_fail2.bak';
+#
+# Now check to ensure backup cannot write to the --secure-file-priv location and
+# should fail.
+#
+--echo (MYSQLTEST_VARDIR/master-data/securefilepriv_path)
+--error ER_OPTION_PREVENTS_STATEMENT
+BACKUP DATABASE mysqltest TO 'securefilepriv_path/bup_sfp5.bak';
+
+#
+# Now check to ensure restore cannot read the --secure-file-priv location and
+# should fail.
+#
+# Note: The error will still be correct even though the file doesn't
+# exist and the system should not report the file is missing.
+#
+--echo (MYSQLTEST_VARDIR/master-data/securefilepriv_path)
+--error ER_OPTION_PREVENTS_STATEMENT
+RESTORE FROM 'securefilepriv_path/bup_sfp5.bak';
+
+#
+# Now set the backupdir to the secure-file-priv location.
+#
+--echo
+--echo Change backupdir to securebackup_path/subpath
+--echo (MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath)
+SET @@global.backupdir = 'securefilepriv_path/subpath';
+
+#
+# Now check to ensure backup cannot write to the --secure-file-priv location even
+# if the backupdir is set to the same as --secure-file-priv location.
+#
+--echo (MYSQLTEST_VARDIR/master-data/securefilepriv_path)
+--error ER_OPTION_PREVENTS_STATEMENT
+BACKUP DATABASE mysqltest TO 'securefilepriv_path/bup_sfp5.bak';
+
+#
+# Now make sure restore cannot read from the --secure-file-priv location even
+# if the backupdir is set to the same as --secure-file-priv location.
+#
+# Note: The error will still be correct even though the file doesn't
+# exist and the system should not report the file is missing.
+#
+--echo (MYSQLTEST_VARDIR/master-data/securefilepriv_path)
+--error ER_OPTION_PREVENTS_STATEMENT
+RESTORE FROM 'securefilepriv_path/bup_sfp1.bak';
+
--echo
--echo Cleanup
--echo
@@ -115,6 +168,10 @@ DROP TABLE mysqltest.t1;
DROP DATABASE mysqltest;
--error 0,1,2
+rmdir $MYSQLTEST_VARDIR/master-data/securebackup_path/subpath;
+--error 0,1,2
+rmdir $MYSQLTEST_VARDIR/master-data/securebackup_path;
+--error 0,1,2
rmdir $MYSQLTEST_VARDIR/master-data/securefilepriv_path/subpath;
--error 0,1,2
rmdir $MYSQLTEST_VARDIR/master-data/securefilepriv_path;
=== modified file 'sql/backup/kernel.cc'
--- a/sql/backup/kernel.cc 2009-02-03 07:48:09 +0000
+++ b/sql/backup/kernel.cc 2009-02-05 20:49:07 +0000
@@ -1397,7 +1397,7 @@ int Backup_restore_ctx::report_stream_op
int error= 0;
switch (my_open_status) {
case ER_OPTION_PREVENTS_STATEMENT:
- error= report_error(ER_OPTION_PREVENTS_STATEMENT, "--secure-file-priv");
+ error= report_error(ER_OPTION_PREVENTS_STATEMENT, "--secure-backup-file-priv");
break;
case ER_BACKUP_WRITE_LOC:
/*
=== modified file 'sql/backup/stream.cc'
--- a/sql/backup/stream.cc 2008-12-18 21:46:36 +0000
+++ b/sql/backup/stream.cc 2009-02-05 20:49:07 +0000
@@ -202,23 +202,27 @@ Stream::Stream(Logger &log, ::String *pa
}
/**
- Check if secure-file-priv option has been set and if so, whether
+ Check if secure-backup-file-priv option has been set and if so, whether
or not backup tries to write to the path (or a sub-path) specified
- by secure-file-priv.
+ by secure-backup-file-priv.
Reports error ER_OPTION_PREVENTS_STATEMENT if backup tries to write
- to a different path than specified by secure-file-priv.
+ to a different path than specified by secure-backup-file-priv.
@retval TRUE backup is allowed to write to this path
@retval FALSE backup is not allowed to write to this path. Side
effect: error is reported
*/
bool Stream::test_secure_file_priv_access(char *path) {
- bool has_access = !opt_secure_file_priv || // option not specified, or
- !strncmp(opt_secure_file_priv, path, // path is (subpath of)
- strlen(opt_secure_file_priv)); // secure-file-priv option
+ bool has_access = !opt_secure_backup_file_priv ||
+ // option not specified, or
+ !strncmp(opt_secure_backup_file_priv, path,
+ // path is (subpath of)
+ strlen(opt_secure_backup_file_priv));
+ // secure-backup-file-priv option
if (!has_access)
- m_log.report_error(ER_OPTION_PREVENTS_STATEMENT, "--secure-file-priv");
+ m_log.report_error(ER_OPTION_PREVENTS_STATEMENT,
+ "--secure-backup-file-priv");
return has_access;
}
@@ -227,7 +231,7 @@ bool Stream::test_secure_file_priv_acces
Open a stream.
@retval 0 if stream was successfully opened
- @retval ER_OPTION_PREVENTS_STATEMENT if secure-file-priv option
+ @retval ER_OPTION_PREVENTS_STATEMENT if secure-backup-file-priv option
prevented stream open from this path
@retval -1 if open failed for another reason
*/
@@ -353,7 +357,7 @@ bool Output_stream::init()
Open and initialize backup stream for writing.
@retval 0 operation succeeded
- @retval ER_OPTION_PREVENTS_STATEMENT secure-file-priv option
+ @retval ER_OPTION_PREVENTS_STATEMENT secure-backup-file-priv option
prevented stream open from this path
@retval ER_BACKUP_WRITE_LOC open failed for another reason
@@ -559,7 +563,7 @@ bool Input_stream::init()
m_header_buf member and examined by check_magic_and_version().
@retval 0 operation succeeded
- @retval ER_OPTION_PREVENTS_STATEMENT secure-file-priv option
+ @retval ER_OPTION_PREVENTS_STATEMENT secure-backup-file-priv option
prevented stream open from this path
@retval ER_BACKUP_READ_LOC open failed for another reason
=== modified file 'sql/mysql_priv.h'
--- a/sql/mysql_priv.h 2009-01-21 15:06:10 +0000
+++ b/sql/mysql_priv.h 2009-02-05 20:49:07 +0000
@@ -2012,6 +2012,7 @@ extern my_bool opt_readonly, lower_case_
extern my_bool opt_enable_named_pipe, opt_sync_frm, opt_allow_suspicious_udfs;
extern my_bool opt_secure_auth;
extern char* opt_secure_file_priv;
+extern char* opt_secure_backup_file_priv;
extern my_bool opt_log_slow_admin_statements, opt_log_slow_slave_statements;
extern my_bool sp_automatic_privileges, opt_noacl;
extern my_bool opt_old_style_user_limits, trust_function_creators;
=== modified file 'sql/mysqld.cc'
--- a/sql/mysqld.cc 2009-01-21 15:06:10 +0000
+++ b/sql/mysqld.cc 2009-02-05 20:49:07 +0000
@@ -502,6 +502,7 @@ my_bool opt_readonly, use_temp_pool, rel
my_bool opt_sync_frm, opt_allow_suspicious_udfs;
my_bool opt_secure_auth= 0;
char* opt_secure_file_priv= 0;
+char* opt_secure_backup_file_priv= 0;
my_bool opt_log_slow_admin_statements= 0;
my_bool opt_log_slow_slave_statements= 0;
my_bool lower_case_file_system= 0;
@@ -1397,6 +1398,7 @@ void clean_up(bool print_message)
x_free(opt_bin_logname);
x_free(opt_relay_logname);
x_free(opt_secure_file_priv);
+ x_free(opt_secure_backup_file_priv);
bitmap_free(&temp_pool);
free_max_user_conn();
#ifdef HAVE_REPLICATION
@@ -5901,6 +5903,7 @@ enum options_mysqld
OPT_THREAD_HANDLING,
OPT_INNODB_ROLLBACK_ON_TIMEOUT,
OPT_SECURE_FILE_PRIV,
+ OPT_SECURE_BACKUP_FILE_PRIV,
OPT_MIN_EXAMINED_ROW_LIMIT,
OPT_LOG_SLOW_SLAVE_STATEMENTS,
#if defined(ENABLED_DEBUG_SYNC)
@@ -6605,6 +6608,10 @@ Can't be set to 1 if --log-slave-updates
"Limit LOAD DATA, SELECT ... OUTFILE, and LOAD_FILE() to files within specified directory",
(uchar**) &opt_secure_file_priv, (uchar**) &opt_secure_file_priv, 0,
GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
+ {"secure-backup-file-priv", OPT_SECURE_BACKUP_FILE_PRIV,
+ "Limit BACKUP and RESTORE to files within specified directory",
+ (uchar**) &opt_secure_backup_file_priv, (uchar**) &opt_secure_backup_file_priv, 0,
+ GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"server-id", OPT_SERVER_ID,
"Uniquely identifies the server instance in the community of replication partners.",
(uchar**) &server_id, (uchar**) &server_id, 0, GET_ULONG, REQUIRED_ARG, 0, 0, 0,
@@ -7918,6 +7925,7 @@ static int mysql_init_variables(void)
opt_tc_log_file= (char *)"tc.log"; // no hostname in tc_log file name !
opt_secure_auth= 0;
opt_secure_file_priv= 0;
+ opt_secure_backup_file_priv= 0;
opt_bootstrap= opt_myisam_logical_log= 0;
mqh_used= 0;
segfaulted= kill_in_progress= 0;
@@ -8972,6 +8980,17 @@ static void fix_paths(void)
my_free(opt_secure_file_priv, MYF(0));
opt_secure_file_priv= my_strdup(buff, MYF(MY_FAE));
}
+
+ /*
+ Convert the secure-backup-file-priv option to system format, allowing
+ a quick strcmp to check if read or write is in an allowed dir
+ */
+ if (opt_secure_backup_file_priv)
+ {
+ convert_dirname(buff, opt_secure_backup_file_priv, NullS);
+ my_free(opt_secure_backup_file_priv, MYF(0));
+ opt_secure_backup_file_priv= my_strdup(buff, MYF(MY_FAE));
+ }
}
=== modified file 'sql/set_var.cc'
--- a/sql/set_var.cc 2009-01-21 15:06:10 +0000
+++ b/sql/set_var.cc 2009-02-05 20:49:07 +0000
@@ -601,6 +601,8 @@ sys_query_cache_wlock_invalidate(&vars,
static sys_var_bool_ptr sys_secure_auth(&vars, "secure_auth", &opt_secure_auth);
static sys_var_const_str_ptr sys_secure_file_priv(&vars, "secure_file_priv",
&opt_secure_file_priv);
+static sys_var_const_str_ptr sys_secure_backup_file_priv(&vars, "secure_backup_file_priv",
+ &opt_secure_backup_file_priv);
static sys_var_long_ptr sys_server_id(&vars, "server_id", &server_id, fix_server_id);
static sys_var_bool_ptr sys_slave_compressed_protocol(&vars, "slave_compressed_protocol",
&opt_slave_compressed_protocol);
