Hi, Alfranio!
On Feb 06, Alfranio Correia wrote:
> Hi Sergei,
>
> Thank you for the comments.
> Can I assign you as formal reviewer of the bug report?
Yes, feel free to.
> Sergei Golubchik wrote:
> > On Feb 05, Alfranio Correia wrote:
> >> 2768 Alfranio Correia 2009-02-05
> >> BUG#38174 secure-file-priv breaks LOAD DATA INFILE replication
> >> in statement mode
> >>
> >> If secure-file-priv was set on slave, it became unable to
> >> execute LOAD DATA INFILE statements sent from master using mixed
> >> or statement-based replication.
> >>
> >> This patch fixes the issue by ignoring this security restriction
> >> while executing the SQL Thread.
> >
> > I don't think it's a good idea. The restriction was there for a reason
> > and I'm not at all sure that one cannot exploit your fix by breaking out
> > of jail and reading files that should be not accessible otherwise.
> >
> > To play it safe you need to ignore the restriction differently:
> > in the normal query thread you check opt_secure_file_priv as before, in
> > the slave thread, ignore opt_secure_file_priv, and (!) independently of
> > opt_secure_file_priv you verify that you load from
> >
> > CONCAT(tmpdir, "SQL_LOAD-")
> >
> > (and would be a good idea to move "SQL_LOAD-" to a constant, it's
> > currently used in two places as a string literal).
> >
> > Regards / Mit vielen Grüßen,
> > Sergei
> >
> >
> Let me see if I understood you correctly. You are proposing something
> like this, aren't you?
>
> if (thd->slave_thread)
> {
>   /* slave thread: ignore opt_secure_file_priv, but require the file to
>      live under CONCAT(tmpdir, "SQL_LOAD-") */
>   string = concat(tmpdir, "SQL_LOAD-");
>   if (strncmp(string, name, strlen(string)))
>     raise an exception;
> }
> else if (opt_secure_file_priv &&
>          strncmp(opt_secure_file_priv, name, strlen(opt_secure_file_priv)))
> {
>   /* normal query thread: the existing secure-file-priv check */
>   raise an exception;
> }
Yes.
Regards / Mit vielen Grüßen,
Sergei
--
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <serg@stripped>
/ /|_/ / // /\ \/ /_/ / /__ Principal Software Engineer/Server Architect
/_/ /_/\_, /___/\___\_\___/ Sun Microsystems GmbH, HRB München 161028
<___/ Sonnenallee 1, 85551 Kirchheim-Heimstetten
Geschäftsführer: Thomas Schroeder, Wolfgang Engels, Dr. Roland Boemer
Vorsitzender des Aufsichtsrates: Martin Häring
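The two-branch check Sergei describes above, written out as an added, self-contained example. This is not the patch from the bug report and not MySQL's own code: `load_data_path_allowed`, `SQL_LOAD_PREFIX`, the sample paths and the rule that nothing after the `SQL_LOAD-` prefix may contain a further path separator are all assumptions made here for illustration (the thread only asks that the slave verify the file sits under `CONCAT(tmpdir, "SQL_LOAD-")`). The extra "no separator after the prefix" rule is the kind of tightening that stops a prefix match alone from letting a name wander back out of `tmpdir`.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* The "SQL_LOAD-" literal hoisted into a constant, as the thread suggests.
 * The macro name is an assumption for this example. */
#define SQL_LOAD_PREFIX "SQL_LOAD-"

/* True if `name` is a file the slave SQL thread staged itself:
 * <tmpdir>/SQL_LOAD-<something>, with no further path separator after the
 * prefix.  Rejecting a later '/' is an extra tightening assumed here, not
 * stated in the thread; without it a prefix match alone would accept a
 * name that continues past tmpdir.  Caller is assumed to pass absolute,
 * already-normalised paths. */
static bool is_slave_load_file(const char *name, const char *tmpdir)
{
    char expected[1024];
    size_t tlen = strlen(tmpdir);
    bool has_slash = tlen > 0 && tmpdir[tlen - 1] == '/';

    /* CONCAT(tmpdir, "/", SQL_LOAD_PREFIX), tolerating a trailing '/' in tmpdir. */
    int n = snprintf(expected, sizeof expected, "%s%s%s",
                     tmpdir, has_slash ? "" : "/", SQL_LOAD_PREFIX);
    if (n < 0 || (size_t)n >= sizeof expected)
        return false;                       /* tmpdir too long to check safely */

    if (strncmp(expected, name, (size_t)n) != 0)
        return false;                       /* not under tmpdir/SQL_LOAD- */

    const char *rest = name + n;
    return *rest != '\0' && strchr(rest, '/') == NULL;
}

/* The existing secure-file-priv rule for an ordinary query thread.
 * NULL or "" means the option is unset and no restriction applies.
 * secure_file_priv is assumed to be normalised with a trailing '/'. */
static bool is_under_secure_file_priv(const char *name,
                                      const char *secure_file_priv)
{
    if (secure_file_priv == NULL || *secure_file_priv == '\0')
        return true;
    return strncmp(secure_file_priv, name, strlen(secure_file_priv)) == 0;
}

/* Slave thread: ignore secure_file_priv but insist on the tmpdir/SQL_LOAD-
 * rule.  Normal query thread: the secure_file_priv rule as before.
 * Returns true if the LOAD DATA INFILE may read `name`. */
bool load_data_path_allowed(const char *name, bool slave_thread,
                            const char *tmpdir, const char *secure_file_priv)
{
    if (slave_thread)
        return is_slave_load_file(name, tmpdir);
    return is_under_secure_file_priv(name, secure_file_priv);
}

int main(void)
{
    /* Constructed sample inputs; none of these paths come from the thread. */
    const char *tmpdir = "/var/tmp/mysql";
    const char *priv   = "/var/lib/mysql-files/";
    struct { const char *name; bool slave; } cases[] = {
        { "/var/tmp/mysql/SQL_LOAD-2-1-1.data", true  },  /* slave, staged file: allowed */
        { "/var/lib/mysql-files/data.csv",      true  },  /* slave, outside tmpdir: denied */
        { "/var/tmp/mysql/SQL_LOAD-x/../y",     true  },  /* slave, separator after prefix: denied */
        { "/var/lib/mysql-files/data.csv",      false },  /* query thread, under priv: allowed */
        { "/home/user/data.csv",                false },  /* query thread, outside priv: denied */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-40s slave=%d -> %s\n", cases[i].name, cases[i].slave,
               load_data_path_allowed(cases[i].name, cases[i].slave, tmpdir, priv)
                   ? "allowed" : "denied");
    return 0;
}
```

The important property is that the two branches are independent: the slave branch never consults `opt_secure_file_priv`, so relaxing the option on the slave does not widen what the SQL thread may read, and the query-thread branch is unchanged from before the fix.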