List:Commits« Previous MessageNext Message »
From:Chuck Bell Date:February 9 2009 6:18pm
Subject:bzr commit into mysql-6.0-backup branch (charles.bell:2763) Bug#39581
View as plain text  
#At file:///C:/source/bzr/mysql-6.0-bug-39581/ based on revid:rafal.somla@stripped

 2763 Chuck Bell	2009-02-09
      BUG#39581 : BACKUP file restrictions should be decoupled from FILE file restrictions
      
      This patch creeates a new --secure-backup-file-priv startup option and 
      secure_backup_file_priv read only variable. This replaces the original 
      use of the --secure-file-priv and associated variable. This change was 
      needed to prevent exploitation of a security vulnerability by giving too 
      much access to backup and restore. The new --secure-backup-file-priv 
      allows administrators to restrict backup and restore to/from a specific 
      directory.
      
      Attention: This patch contains three file moves. To apply this patch
      you must first execute the following commands from the tree root:
      
      bzr mv ./mysql-test/suite/backup/t/backup_securefilepriv.test ./mysql-test/suite/backup/t/backup_securebackup.test
      
      bzr mv ./mysql-test/suite/backup/r/backup_securefilepriv.result ./mysql-test/suite/backup/r/backup_securebackup.result
      
      bzr mv ./mysql-test/suite/backup/t/backup_securefilepriv-master.opt ./mysql-test/suite/backup/t/backup_securebackup-master.opt
renamed:
  mysql-test/suite/backup/r/backup_securefilepriv.result => mysql-test/suite/backup/r/backup_securebackup.result
  mysql-test/suite/backup/t/backup_securefilepriv-master.opt => mysql-test/suite/backup/t/backup_securebackup-master.opt
  mysql-test/suite/backup/t/backup_securefilepriv.test => mysql-test/suite/backup/t/backup_securebackup.test
modified:
  sql/backup/kernel.cc
  sql/backup/stream.cc
  sql/mysql_priv.h
  sql/mysqld.cc
  sql/set_var.cc
  mysql-test/suite/backup/r/backup_securebackup.result
  mysql-test/suite/backup/t/backup_securebackup-master.opt
  mysql-test/suite/backup/t/backup_securebackup.test

per-file messages:
  mysql-test/suite/backup/r/backup_securebackup.result
    Corrected result file.
  mysql-test/suite/backup/t/backup_securebackup-master.opt
    Added new --secure-backup-file-priv option.
  mysql-test/suite/backup/t/backup_securebackup.test
    Renamed test.
    Changed test to use new option.
    Added tests to ensure no cross over with --secure-file-priv.
  sql/backup/kernel.cc
    Changed code to use the new secure-backup-file-priv option.
  sql/backup/stream.cc
    Changed code to use the new secure-backup-file-priv option.
  sql/mysql_priv.h
    Added definition for secure-backup-file-priv option.
  sql/mysqld.cc
    Added definition, creation, and destruction for new secure-backup-file-priv option.
  sql/set_var.cc
    Added a new option system variable (read only) for secure-backup-file-priv.
=== renamed file 'mysql-test/suite/backup/r/backup_securefilepriv.result' => 'mysql-test/suite/backup/r/backup_securebackup.result'
--- a/mysql-test/suite/backup/r/backup_securefilepriv.result	2008-10-29 08:45:14 +0000
+++ b/mysql-test/suite/backup/r/backup_securebackup.result	2009-02-09 18:17:55 +0000
@@ -8,53 +8,70 @@ INSERT INTO mysqltest.t1 VALUES (1),(2),
 
 Starting tests
 
-Backup to path specified by --secure-file-priv option
-(MYSQLD_DATADIR/securefilepriv_path)
-BACKUP DATABASE mysqltest TO 'securefilepriv_path/bup_sfp1.bak';
+Backup to path specified by --secure-backup-file-priv option
+(MYSQLD_DATADIR/securebackup_path)
+BACKUP DATABASE mysqltest TO 'securebackup_path/bup_sfp1.bak';
 backup_id
 #
 Ensure backup image file went to the correct location
 
-Backup to subpath of path specified by --secure-file-priv option
-(MYSQLD_DATADIR/securefilepriv_path/subpath)
-BACKUP DATABASE mysqltest TO 'securefilepriv_path/subpath/bup_sfp2.bak';
+Backup to subpath of path specified by --secure-backup-file-priv option
+(MYSQLD_DATADIR/securebackup_path/subpath)
+BACKUP DATABASE mysqltest TO 'securebackup_path/subpath/bup_sfp2.bak';
 backup_id
 #
 Ensure backup image file went to the correct location
 
-Change backupdir to securefilepriv_path/subpath 
-(MYSQLD_DATADIR/securefilepriv_path/subpath)
-SET @@global.backupdir = 'securefilepriv_path/subpath';
+Change backupdir to securebackup_path/subpath 
+(MYSQLD_DATADIR/securebackup_path/subpath)
+SET @@global.backupdir = 'securebackup_path/subpath';
 
-Backup to subpath of path specified by --secure-file-priv option, 
+Backup to subpath of path specified by --secure-backup-file-priv option, 
 no dir in backup file name
-(MYSQLD_DATADIR/securefilepriv_path/subpath)
+(MYSQLD_DATADIR/securebackup_path/subpath)
 BACKUP DATABASE mysqltest TO 'bup_sfp3.bak';
 backup_id
 #
 Ensure backup image file went to the correct location
 
-Backup to path specified by --secure-file-priv, 
+Backup to path specified by --secure-backup-file-priv, 
 relative path in backup file name
-(MYSQLD_DATADIR/securefilepriv_path)
+(MYSQLD_DATADIR/securebackup_path)
 BACKUP DATABASE mysqltest TO '../bup_sfp4.bak';
 backup_id
 #
 Ensure backup image file went to the correct location
 
-Backup to relative path outside path specified by --secure-file-priv 
+Backup to relative path outside path specified by --secure-backup-file-priv 
 option should fail
 BACKUP DATABASE mysqltest TO '../../bup_sfp_fail1.bak';
-ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+ERROR HY000: The MySQL server is running with the --secure-backup-file-priv option so it cannot execute this statement
 
 Reset backupdir to MYSQLD_DATADIR/
 SET @@global.backupdir = @@global.datadir;
 
-Backup to other path than specified by --secure-file-priv should fail
+Backup to other path than specified by --secure-backup-file-priv should fail
 BACKUP DATABASE mysqltest TO 'bup_sfp_fail2.bak';
-ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+ERROR HY000: The MySQL server is running with the --secure-backup-file-priv option so it cannot execute this statement
+(MYSQLD_DATADIR/securefilepriv_path)
+BACKUP DATABASE mysqltest TO 'securefilepriv_path/bup_sfp5.bak';
+ERROR HY000: The MySQL server is running with the --secure-backup-file-priv option so it cannot execute this statement
+(MYSQLD_DATADIR/securefilepriv_path)
+RESTORE FROM 'securefilepriv_path/bup_sfp5.bak';
+ERROR HY000: The MySQL server is running with the --secure-backup-file-priv option so it cannot execute this statement
+
+Change backupdir to securebackup_path/subpath 
+(MYSQLD_DATADIR/securefilepriv_path/subpath)
+SET @@global.backupdir = 'securefilepriv_path/subpath';
+(MYSQLD_DATADIR/securefilepriv_path)
+BACKUP DATABASE mysqltest TO 'securefilepriv_path/bup_sfp5.bak';
+ERROR HY000: The MySQL server is running with the --secure-backup-file-priv option so it cannot execute this statement
+(MYSQLD_DATADIR/securefilepriv_path)
+RESTORE FROM 'securefilepriv_path/bup_sfp1.bak';
+ERROR HY000: The MySQL server is running with the --secure-backup-file-priv option so it cannot execute this statement
 
 Cleanup
 
 DROP TABLE mysqltest.t1;
 DROP DATABASE mysqltest;
+SET @@global.backupdir = @@global.datadir;

=== renamed file 'mysql-test/suite/backup/t/backup_securefilepriv-master.opt' => 'mysql-test/suite/backup/t/backup_securebackup-master.opt'
--- a/mysql-test/suite/backup/t/backup_securefilepriv-master.opt	2008-10-29 08:45:14 +0000
+++ b/mysql-test/suite/backup/t/backup_securebackup-master.opt	2009-02-09 18:17:55 +0000
@@ -1 +1,2 @@
+--secure-backup-file-priv=$MYSQLTEST_VARDIR/mysqld.1/data/securebackup_path
 --secure-file-priv=$MYSQLTEST_VARDIR/mysqld.1/data/securefilepriv_path

=== renamed file 'mysql-test/suite/backup/t/backup_securefilepriv.test' => 'mysql-test/suite/backup/t/backup_securebackup.test'
--- a/mysql-test/suite/backup/t/backup_securefilepriv.test	2008-10-29 08:45:14 +0000
+++ b/mysql-test/suite/backup/t/backup_securebackup.test	2009-02-09 18:17:55 +0000
@@ -1,11 +1,12 @@
 #
 # Purpose: Backup images should only be allowed to be written to the
-# path specified by --secure-file-priv option or a sub-path of it.
+# path specified by --secure-backup-file-priv option or a sub-path of it.
 #
-# See backup_securefilepriv-master.opt for --secure-file-priv command line option
+# See backup_securefilepriv-master.opt for --secure-backup-file-priv command line option
 #
-# backupdir        is MYSQLD_DATADIR/
-# secure-file-priv is MYSQLD_DATADIR/securefilepriv_path/
+# backupdir              is MYSQLD_DATADIR/
+# secure-file-priv       is MYSQLD_DATADIR/securefilepriv_path/
+# secure-backupfile-priv is MYSQLD_DATADIR/securebackup_path/
 
 --source include/not_embedded.inc
 
@@ -16,11 +17,17 @@ let $MYSQLD_DATADIR = `select @@datadir`
 --error 0,1
 rmdir $MYSQLD_DATADIR/securefilepriv_path/subpath;
 --error 0,1
+rmdir $MYSQLD_DATADIR/securebackup_path/subpath;
+--error 0,1
 rmdir $MYSQLD_DATADIR/securefilepriv_path;
+--error 0,1
+rmdir $MYSQLD_DATADIR/securebackup_path;
 
 --echo Create directories for backup images
 mkdir $MYSQLD_DATADIR/securefilepriv_path;
+mkdir $MYSQLD_DATADIR/securebackup_path;
 mkdir $MYSQLD_DATADIR/securefilepriv_path/subpath;
+mkdir $MYSQLD_DATADIR/securebackup_path/subpath;
 
 --echo Creating database and populating tables
 
@@ -38,64 +45,64 @@ INSERT INTO mysqltest.t1 VALUES (1),(2),
 --echo Starting tests
 
 --echo 
---echo Backup to path specified by --secure-file-priv option
---echo (MYSQLD_DATADIR/securefilepriv_path)
+--echo Backup to path specified by --secure-backup-file-priv option
+--echo (MYSQLD_DATADIR/securebackup_path)
 --replace_column 1 #
-BACKUP DATABASE mysqltest TO 'securefilepriv_path/bup_sfp1.bak';
+BACKUP DATABASE mysqltest TO 'securebackup_path/bup_sfp1.bak';
 
 --echo Ensure backup image file went to the correct location
---file_exists $MYSQLD_DATADIR/securefilepriv_path/bup_sfp1.bak
+--file_exists $MYSQLD_DATADIR/securebackup_path/bup_sfp1.bak
 
 --error 0,1
---remove_file $MYSQLD_DATADIR/securefilepriv_path/bup_sfp1.bak
+--remove_file $MYSQLD_DATADIR/securebackup_path/bup_sfp1.bak
 
 --echo  
---echo Backup to subpath of path specified by --secure-file-priv option
---echo (MYSQLD_DATADIR/securefilepriv_path/subpath)
+--echo Backup to subpath of path specified by --secure-backup-file-priv option
+--echo (MYSQLD_DATADIR/securebackup_path/subpath)
 --replace_column 1 #
-BACKUP DATABASE mysqltest TO 'securefilepriv_path/subpath/bup_sfp2.bak';
+BACKUP DATABASE mysqltest TO 'securebackup_path/subpath/bup_sfp2.bak';
 
 --echo Ensure backup image file went to the correct location
---file_exists $MYSQLD_DATADIR/securefilepriv_path/subpath/bup_sfp2.bak
+--file_exists $MYSQLD_DATADIR/securebackup_path/subpath/bup_sfp2.bak
 
 --error 0,1
---remove_file $MYSQLD_DATADIR/securefilepriv_path/subpath/bup_sfp2.bak
+--remove_file $MYSQLD_DATADIR/securebackup_path/subpath/bup_sfp2.bak
 
 --echo  
---echo Change backupdir to securefilepriv_path/subpath 
---echo (MYSQLD_DATADIR/securefilepriv_path/subpath)
-SET @@global.backupdir = 'securefilepriv_path/subpath';
+--echo Change backupdir to securebackup_path/subpath 
+--echo (MYSQLD_DATADIR/securebackup_path/subpath)
+SET @@global.backupdir = 'securebackup_path/subpath';
 
 --echo  
---echo Backup to subpath of path specified by --secure-file-priv option, 
+--echo Backup to subpath of path specified by --secure-backup-file-priv option, 
 --echo no dir in backup file name
---echo (MYSQLD_DATADIR/securefilepriv_path/subpath)
+--echo (MYSQLD_DATADIR/securebackup_path/subpath)
 --replace_column 1 #
 BACKUP DATABASE mysqltest TO 'bup_sfp3.bak';
 
 --echo Ensure backup image file went to the correct location
---file_exists $MYSQLD_DATADIR/securefilepriv_path/subpath/bup_sfp3.bak
+--file_exists $MYSQLD_DATADIR/securebackup_path/subpath/bup_sfp3.bak
 
 --error 0,1
---remove_file $MYSQLD_DATADIR/securefilepriv_path/subpath/bup_sfp3.bak
+--remove_file $MYSQLD_DATADIR/securebackup_path/subpath/bup_sfp3.bak
 
 --echo  
---echo Backup to path specified by --secure-file-priv, 
+--echo Backup to path specified by --secure-backup-file-priv, 
 --echo relative path in backup file name
---echo (MYSQLD_DATADIR/securefilepriv_path)
+--echo (MYSQLD_DATADIR/securebackup_path)
 --replace_column 1 #
 BACKUP DATABASE mysqltest TO '../bup_sfp4.bak';
 
 --echo Ensure backup image file went to the correct location
---file_exists $MYSQLD_DATADIR/securefilepriv_path/bup_sfp4.bak
+--file_exists $MYSQLD_DATADIR/securebackup_path/bup_sfp4.bak
 
 --error 0,1
---remove_file $MYSQLD_DATADIR/securefilepriv_path/bup_sfp4.bak
+--remove_file $MYSQLD_DATADIR/securebackup_path/bup_sfp4.bak
 
 # Tests that fail
 
 --echo  
---echo Backup to relative path outside path specified by --secure-file-priv 
+--echo Backup to relative path outside path specified by --secure-backup-file-priv 
 --echo option should fail
 --error ER_OPTION_PREVENTS_STATEMENT
 BACKUP DATABASE mysqltest TO '../../bup_sfp_fail1.bak';
@@ -105,10 +112,56 @@ BACKUP DATABASE mysqltest TO '../../bup_
 SET @@global.backupdir = @@global.datadir;
 
 --echo  
---echo Backup to other path than specified by --secure-file-priv should fail
+--echo Backup to other path than specified by --secure-backup-file-priv should fail
 --error ER_OPTION_PREVENTS_STATEMENT
 BACKUP DATABASE mysqltest TO 'bup_sfp_fail2.bak';
 
+#
+# Now check to ensure backup cannot write to the --secure-file-priv location and
+# should fail.
+#
+--echo (MYSQLD_DATADIR/securefilepriv_path)
+--error ER_OPTION_PREVENTS_STATEMENT
+BACKUP DATABASE mysqltest TO 'securefilepriv_path/bup_sfp5.bak';
+
+#
+# Now check to ensure restore cannot read the --secure-file-priv location and
+# should fail.
+#
+# Note: The error will still be correct even though the file doesn't
+# exist and the system should not report the file is missing.
+#
+--echo (MYSQLD_DATADIR/securefilepriv_path)
+--error ER_OPTION_PREVENTS_STATEMENT
+RESTORE FROM 'securefilepriv_path/bup_sfp5.bak';
+
+#
+# Now set the backupdir to the secure-file-priv location.
+#
+--echo  
+--echo Change backupdir to securebackup_path/subpath 
+--echo (MYSQLD_DATADIR/securefilepriv_path/subpath)
+SET @@global.backupdir = 'securefilepriv_path/subpath';
+
+#
+# Now check to ensure backup cannot write to the --secure-file-priv location even
+# if the backupdir is set to the same as --secure-file-priv location.
+#
+--echo (MYSQLD_DATADIR/securefilepriv_path)
+--error ER_OPTION_PREVENTS_STATEMENT
+BACKUP DATABASE mysqltest TO 'securefilepriv_path/bup_sfp5.bak';
+
+#
+# Now make sure restore cannot read from the --secure-file-priv location even
+# if the backupdir is set to the same as --secure-file-priv location.
+#
+# Note: The error will still be correct even though the file doesn't
+# exist and the system should not report the file is missing.
+#
+--echo (MYSQLD_DATADIR/securefilepriv_path)
+--error ER_OPTION_PREVENTS_STATEMENT
+RESTORE FROM 'securefilepriv_path/bup_sfp1.bak';
+
 --echo 
 --echo Cleanup
 --echo 
@@ -116,7 +169,13 @@ BACKUP DATABASE mysqltest TO 'bup_sfp_fa
 DROP TABLE mysqltest.t1;
 DROP DATABASE mysqltest;
 
+SET @@global.backupdir = @@global.datadir;
+
 --error 0,1,2
 rmdir $MYSQLD_DATADIR/securefilepriv_path/subpath;
 --error 0,1,2
 rmdir $MYSQLD_DATADIR/securefilepriv_path;
+--error 0,1,2
+rmdir $MYSQLD_DATADIR/securebackup_path/subpath;
+--error 0,1,2
+rmdir $MYSQLD_DATADIR/securebackup_path;

=== modified file 'sql/backup/kernel.cc'
--- a/sql/backup/kernel.cc	2009-02-06 08:28:24 +0000
+++ b/sql/backup/kernel.cc	2009-02-09 18:17:55 +0000
@@ -1397,7 +1397,7 @@ int Backup_restore_ctx::report_stream_op
   int error= 0;
   switch (my_open_status) {
     case ER_OPTION_PREVENTS_STATEMENT:
-      error= report_error(ER_OPTION_PREVENTS_STATEMENT, "--secure-file-priv");
+      error= report_error(ER_OPTION_PREVENTS_STATEMENT, "--secure-backup-file-priv");
       break;
     case ER_BACKUP_WRITE_LOC:
       /*

=== modified file 'sql/backup/stream.cc'
--- a/sql/backup/stream.cc	2009-02-09 09:05:20 +0000
+++ b/sql/backup/stream.cc	2009-02-09 18:17:55 +0000
@@ -210,23 +210,29 @@ Stream::Stream(Logger &log, ::String *pa
 
 
 /**
-  Check if secure-file-priv option has been set and if so, whether
+  Check if secure-backup-file-priv option has been set and if so, whether
   or not backup tries to write to the path (or a sub-path) specified
-  by secure-file-priv.
+  by secure-backup-file-priv.
 
   Reports error ER_OPTION_PREVENTS_STATEMENT if backup tries to write
-  to a different path than specified by secure-file-priv.
+  to a different path than specified by secure-backup-file-priv.
   
   @retval TRUE  backup is allowed to write to this path
   @retval FALSE backup is not allowed to write to this path. Side
                 effect: error is reported
 */
 bool Stream::test_secure_file_priv_access(char *path) {
-  bool has_access = !opt_secure_file_priv ||                 // option not specified, or
-                    !strncmp(opt_secure_file_priv, path,     // path is (subpath of)
-                             strlen(opt_secure_file_priv));  // secure-file-priv option
+  /*
+     Access is granted if:
+      a) option not specified, or
+      b) path is (subpath of) secure-backup-file-priv option
+  */
+  bool has_access = !opt_secure_backup_file_priv ||                 
+                    !strncmp(opt_secure_backup_file_priv, path,     
+                             strlen(opt_secure_backup_file_priv));  
    if (!has_access)
-     m_log.report_error(ER_OPTION_PREVENTS_STATEMENT, "--secure-file-priv");
+     m_log.report_error(ER_OPTION_PREVENTS_STATEMENT, 
+                        "--secure-backup-file-priv");
 
   return has_access;
 }
@@ -235,7 +241,7 @@ bool Stream::test_secure_file_priv_acces
    Open a stream.
 
    @retval 0 if stream was successfully opened
-   @retval ER_OPTION_PREVENTS_STATEMENT if secure-file-priv option
+   @retval ER_OPTION_PREVENTS_STATEMENT if secure-backup-file-priv option
            prevented stream open from this path
    @retval -1 if open failed for another reason
  */
@@ -361,7 +367,7 @@ bool Output_stream::init()
   Open and initialize backup stream for writing.
 
   @retval 0                             operation succeeded
-  @retval ER_OPTION_PREVENTS_STATEMENT  secure-file-priv option
+  @retval ER_OPTION_PREVENTS_STATEMENT  secure-backup-file-priv option
                                         prevented stream open from this path
   @retval ER_BACKUP_WRITE_LOC           open failed for another reason
 
@@ -567,7 +573,7 @@ bool Input_stream::init()
   m_header_buf member and examined by check_magic_and_version().
 
   @retval 0                             operation succeeded
-  @retval ER_OPTION_PREVENTS_STATEMENT  secure-file-priv option
+  @retval ER_OPTION_PREVENTS_STATEMENT  secure-backup-file-priv option
                                         prevented stream open from this path
   @retval ER_BACKUP_READ_LOC            open failed for another reason
 

=== modified file 'sql/mysql_priv.h'
--- a/sql/mysql_priv.h	2009-01-29 21:17:59 +0000
+++ b/sql/mysql_priv.h	2009-02-09 18:17:55 +0000
@@ -2013,6 +2013,7 @@ extern my_bool opt_readonly, lower_case_
 extern my_bool opt_enable_named_pipe, opt_sync_frm, opt_allow_suspicious_udfs;
 extern my_bool opt_secure_auth;
 extern char* opt_secure_file_priv;
+extern char* opt_secure_backup_file_priv;
 extern my_bool opt_log_slow_admin_statements, opt_log_slow_slave_statements;
 extern my_bool sp_automatic_privileges, opt_noacl;
 extern my_bool opt_old_style_user_limits, trust_function_creators;

=== modified file 'sql/mysqld.cc'
--- a/sql/mysqld.cc	2009-01-29 21:17:59 +0000
+++ b/sql/mysqld.cc	2009-02-09 18:17:55 +0000
@@ -502,6 +502,7 @@ my_bool opt_readonly, use_temp_pool, rel
 my_bool opt_sync_frm, opt_allow_suspicious_udfs;
 my_bool opt_secure_auth= 0;
 char* opt_secure_file_priv= 0;
+char* opt_secure_backup_file_priv= 0;
 my_bool opt_log_slow_admin_statements= 0;
 my_bool opt_log_slow_slave_statements= 0;
 my_bool lower_case_file_system= 0;
@@ -1400,6 +1401,7 @@ void clean_up(bool print_message)
   x_free(opt_bin_logname);
   x_free(opt_relay_logname);
   x_free(opt_secure_file_priv);
+  x_free(opt_secure_backup_file_priv);
   bitmap_free(&temp_pool);
   free_max_user_conn();
 #ifdef HAVE_REPLICATION
@@ -5904,6 +5906,7 @@ enum options_mysqld
   OPT_THREAD_HANDLING,
   OPT_INNODB_ROLLBACK_ON_TIMEOUT,
   OPT_SECURE_FILE_PRIV,
+  OPT_SECURE_BACKUP_FILE_PRIV,
   OPT_MIN_EXAMINED_ROW_LIMIT,
   OPT_LOG_SLOW_SLAVE_STATEMENTS,
 #if defined(ENABLED_DEBUG_SYNC)
@@ -6609,6 +6612,10 @@ Can't be set to 1 if --log-slave-updates
    "Limit LOAD DATA, SELECT ... OUTFILE, and LOAD_FILE() to files within specified directory",
    (uchar**) &opt_secure_file_priv, (uchar**) &opt_secure_file_priv, 0,
    GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
+  {"secure-backup-file-priv", OPT_SECURE_BACKUP_FILE_PRIV,
+   "Limit BACKUP and RESTORE to files within specified directory",
+   (uchar**) &opt_secure_backup_file_priv, (uchar**) &opt_secure_backup_file_priv, 0,
+   GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
   {"server-id",	OPT_SERVER_ID,
    "Uniquely identifies the server instance in the community of replication partners.",
    (uchar**) &server_id, (uchar**) &server_id, 0, GET_ULONG, REQUIRED_ARG, 0, 0, 0,
@@ -7927,6 +7934,7 @@ static int mysql_init_variables(void)
   opt_tc_log_file= (char *)"tc.log";      // no hostname in tc_log file name !
   opt_secure_auth= 0;
   opt_secure_file_priv= 0;
+  opt_secure_backup_file_priv= 0;
   opt_bootstrap= opt_myisam_logical_log= 0;
   mqh_used= 0;
   segfaulted= kill_in_progress= 0;
@@ -8981,6 +8989,17 @@ static void fix_paths(void)
     my_free(opt_secure_file_priv, MYF(0));
     opt_secure_file_priv= my_strdup(buff, MYF(MY_FAE));
   }
+
+  /*
+    Convert the secure-backup-file-priv option to system format, allowing
+    a quick strcmp to check if read or write is in an allowed dir
+   */
+  if (opt_secure_backup_file_priv)
+  {
+    convert_dirname(buff, opt_secure_backup_file_priv, NullS);
+    my_free(opt_secure_backup_file_priv, MYF(0));
+    opt_secure_backup_file_priv= my_strdup(buff, MYF(MY_FAE));
+  }
 }
 
 

=== modified file 'sql/set_var.cc'
--- a/sql/set_var.cc	2009-02-04 10:49:16 +0000
+++ b/sql/set_var.cc	2009-02-09 18:17:55 +0000
@@ -601,6 +601,8 @@ sys_query_cache_wlock_invalidate(&vars, 
 static sys_var_bool_ptr	sys_secure_auth(&vars, "secure_auth", &opt_secure_auth);
 static sys_var_const_str_ptr sys_secure_file_priv(&vars, "secure_file_priv",
                                              &opt_secure_file_priv);
+static sys_var_const_str_ptr sys_secure_backup_file_priv(&vars, "secure_backup_file_priv",
+                                             &opt_secure_backup_file_priv);
 static sys_var_long_ptr	sys_server_id(&vars, "server_id", &server_id, fix_server_id);
 static sys_var_bool_ptr	sys_slave_compressed_protocol(&vars, "slave_compressed_protocol",
 						      &opt_slave_compressed_protocol);

Thread
bzr commit into mysql-6.0-backup branch (charles.bell:2763) Bug#39581Chuck Bell9 Feb