On Thu, Mar 13, 2003 at 12:01:24PM +0100, Lenz Grimmer wrote:
> Dmitry, I did not forget your patch request - sorry for not getting back
> to you about this yet. The individual patches required to fix the first
> problem reported on bugtraq (creating my.cnf with additional --user
> parameters) can be obtained from here (they are in multiple BK
> Changesets):
Too late, I've already made the patch myself.
Btw, your patch introduces TOCTOU race condition:
> @@ -241,6 +242,16 @@
> {
> strmov(name,config_file);
> }
> + fn_format(name,name,"","",4);
> +#if !defined(__WIN__) && !defined(OS2)
> + {
> + MY_STAT stat_info;
> + if (!my_stat(name,&stat_info,MYF(MY_WME)))
> + return 0;
> + if (stat_info.st_mode & S_IWOTH) /* ignore world-writeable files */
> + return 0;
> + }
> +#endif
> if (!(fp = my_fopen(fn_format(name,name,"","",4),O_RDONLY,MYF(0))))
> return 0; /* Ignore wrong files */
>
I'd recommend to replace this construction with my_fopen/my_fstat if at all possible.
--
ldv
Attachment: [application/pgp-signature]
