List:Packagers« Previous MessageNext Message »
From:Lenz Grimmer Date:March 13 2003 11:01am
Subject:Re: [packagers] Re: MySQL user can be changed to root (fwd)
View as plain text  
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 10 Mar 2003, Lenz Grimmer wrote:

> JFYI - patches are available upon request. I've started the 3.23 builds
> today.

Sorry for the delay regarding the 3.23.56 release - we have been informed
about another bug in 3.23 regarding the privilege system that we'd like to
have fixed before releasing 3.23.56. A preliminary patch has already been
pushed by Sinisa, but Monty wanted to have a closer look into it first -
that's why I currently wait if I should restart the 3.23.56 builds to
include this fix (Monty is in the US at the moment).

Dmitry, I did not forget your patch request - sorry for not getting back
to you about this yet. The individual patches required to fix the first
problem reported on bugtraq (creating my.cnf with additional --user
parameters) can be obtained from here (they are in multiple BK
Changesets):

http://mysql.bkbits.net:8080/mysql-3.23/patch@ style="color:#666">stripped?nav=index.html|ChangeSet@-7d|cset@stripped
http://mysql.bkbits.net:8080/mysql-3.23/patch@ style="color:#666">stripped?nav=index.html|ChangeSet@-7d|cset@stripped
http://mysql.bkbits.net:8080/mysql-3.23/patch@ style="color:#666">stripped?nav=index.html|ChangeSet@-7d|cset@stripped
http://mysql.bkbits.net:8080/mysql-3.23/patch@ style="color:#666">stripped?nav=index.html|ChangeSet@-7d|cset@stripped
http://mysql.bkbits.net:8080/mysql-3.23/patch@ style="color:#666">stripped?nav=index.html|ChangeSet@-7d|cset@stripped

I've tried to join all these patches into a single patch file (attached),
it should apply on top of 3.23.55 without problems. As soon as Monty has
approved all these patches, we will merge them into 4.0 and I will start
building 4.0.12 right after 3.23.56 has been released.

Bye,
	LenZ
- -- 
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /      Mr. Lenz Grimmer <lenz@stripped>
 / /|_/ / // /\ \/ /_/ / /__     MySQL AB, Production Engineer
/_/  /_/\_, /___/\___\_\___/     Hamburg, Germany
       <___/   www.mysql.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+cGUGSVDhKrJykfIRAp5gAJ9clt2f/e+uHxFoUfQ5dwyLxUmoFwCbBdgA
4+UN4fSFWDJK216IEfLYL8E=
=fJF8
-----END PGP SIGNATURE-----
diff -Nru a/mysys/default.c b/mysys/default.c
--- a/mysys/default.c	Thu Mar 13 11:49:30 2003
+++ b/mysys/default.c	Thu Mar 13 11:49:30 2003
@@ -39,6 +39,7 @@
 #include "mysys_priv.h"
 #include "m_string.h"
 #include "m_ctype.h"
+#include <my_dir.h>
 
 char *defaults_extra_file=0;
 
@@ -60,13 +61,13 @@
 NullS,
 };
 
-#define default_ext   	".cnf"		/* extension for config file */
+#define default_ext	".cnf"		/* extension for config file */
 #ifdef __WIN__
 #include <winbase.h>
 #define windows_ext	".ini"
 #endif
 
-static my_bool search_default_file(DYNAMIC_ARRAY *args, MEM_ROOT *alloc,
+static my_bool search_default_file(DYNAMIC_ARRAY *args,MEM_ROOT *alloc,
 				   const char *dir, const char *config_file,
 				   const char *ext, TYPELIB *group);
 
@@ -241,6 +242,16 @@
   {
     strmov(name,config_file);
   }
+  fn_format(name,name,"","",4);
+#if !defined(__WIN__) && !defined(OS2)
+  {
+    MY_STAT stat_info;
+    if (!my_stat(name,&stat_info,MYF(MY_WME)))
+      return 0;
+    if (stat_info.st_mode & S_IWOTH) /* ignore world-writeable files */
+      return 0;
+  }
+#endif
   if (!(fp = my_fopen(fn_format(name,name,"","",4),O_RDONLY,MYF(0))))
     return 0;					/* Ignore wrong files */
 
diff -Nru a/scripts/safe_mysqld.sh b/scripts/safe_mysqld.sh
--- a/scripts/safe_mysqld.sh	Thu Mar 13 11:49:43 2003
+++ b/scripts/safe_mysqld.sh	Thu Mar 13 11:49:43 2003
@@ -33,8 +33,12 @@
       --basedir=*) MY_BASEDIR_VERSION=`echo "$arg" | sed -e "s;--[^=]*=;;"` ;;
       --datadir=*) DATADIR=`echo "$arg" | sed -e "s;--[^=]*=;;"` ;;
       --pid-file=*) pid_file=`echo "$arg" | sed -e "s;--[^=]*=;;"` ;;
-      --user=*)    user=`echo "$arg" | sed -e "s;--[^=]*=;;"` ; SET_USER=1 ;;
-
+      --user=*)
+        if test $SET_USER -eq 0
+        then
+          user=`echo "$arg" | sed -e "s;--[^=]*=;;"` ; SET_USER=1
+        fi
+        ;;
       # these two might have been set in a [safe_mysqld] section of my.cnf
       # they get passed via environment variables to safe_mysqld
       --socket=*)  MYSQL_UNIX_PORT=`echo "$arg" | sed -e "s;--[^=]*=;;"` ;;
diff -Nru a/sql/mysqld.cc b/sql/mysqld.cc
--- a/sql/mysqld.cc	Thu Mar 13 11:49:43 2003
+++ b/sql/mysqld.cc	Thu Mar 13 11:49:43 2003
@@ -3639,7 +3639,10 @@
       use_temp_pool=1;
       break;
     case 'u':
-      mysqld_user=optarg;
+      if (!mysqld_user)
+	mysqld_user=optarg;
+      else
+	fprintf(stderr, "Warning: Ignoring user change to '%s' because the user was set to '%s' earlier on the command line\n", optarg, mysqld_user);
       break;
     case 'v':
     case 'V':
diff -Nru a/mysys/default.c b/mysys/default.c
--- a/mysys/default.c	Thu Mar 13 11:49:56 2003
+++ b/mysys/default.c	Thu Mar 13 11:49:56 2003
@@ -246,10 +246,14 @@
 #if !defined(__WIN__) && !defined(OS2)
   {
     MY_STAT stat_info;
-    if (!my_stat(name,&stat_info,MYF(MY_WME)))
+    if (!my_stat(name,&stat_info,MYF(0)))
       return 0;
     if (stat_info.st_mode & S_IWOTH) /* ignore world-writeable files */
+    {
+      fprintf(stderr, "warning: World-writeable config file %s is ignored\n",
+              name);
       return 0;
+    }
   }
 #endif
   if (!(fp = my_fopen(fn_format(name,name,"","",4),O_RDONLY,MYF(0))))
Thread
Re: MySQL user can be changed to root (fwd)Lenz Grimmer10 Mar
  • mysql_install_db patch to support both mysqld-max and mysqldWarly12 Mar
    • Re: mysql_install_db patch to support both mysqld-max and mysqldLenz Grimmer13 Mar
      • Re: mysql_install_db patch to support both mysqld-max and mysqldWarly13 Mar
  • Re: [packagers] Re: MySQL user can be changed to root (fwd)Lenz Grimmer13 Mar
    • Re: [packagers] Re: MySQL user can be changed to root (fwd)Dmitry V. Levin13 Mar
      • Re: [packagers] Re: MySQL user can be changed to root (fwd)Lenz Grimmer13 Mar
        • Re: [packagers] Re: MySQL user can be changed to root (fwd)Dmitry V. Levin13 Mar
          • Re: [packagers] Re: MySQL user can be changed to root (fwd)Sergei Golubchik13 Mar
            • Re: [packagers] Re: MySQL user can be changed to root (fwd)Dmitry V. Levin13 Mar
              • Re: [packagers] Re: MySQL user can be changed to root (fwd)Sergei Golubchik13 Mar
                • Re: [packagers] Re: MySQL user can be changed to root (fwd)Dmitry V. Levin13 Mar
                  • Re: [packagers] Re: MySQL user can be changed to root (fwd)Sergei Golubchik13 Mar
                    • Re: [packagers] Re: MySQL user can be changed to root (fwd)Dmitry V. Levin13 Mar