Merge pull request #637 from grooverdan/5.5-galera

MDEV-8743: use CLOEXEC to protect mariadb files from sst script touching
author: Jan Lindström <jan.lindstrom@mariadb.com> 2018-03-14 10:29:47 +0200
committer: GitHub <noreply@github.com> 2018-03-14 10:29:47 +0200
commit: 804a7e60d746adf95001d58ee25062c8f4157928 (patch)
tree: 8591d9e64041bd44632a0b9e1a5fd8d25b520ec6
parent: 09b25f85966f44aae933e86b84b4ebe59ded47c3 (diff)
parent: d3c0e34bdc99ee57fd5d63237d29531d1afdef2b (diff)
download: mariadb-git-804a7e60d746adf95001d58ee25062c8f4157928.tar.gz
11 files changed, 37 insertions, 23 deletions
diff --git a/include/my_global.h b/include/my_global.h
index cf140cf54ce..6e8fb33b137 100644
--- a/include/my_global.h
+++ b/include/my_global.h
@@ -578,6 +578,12 @@ typedef SOCKET_SIZE_TYPE size_socket;
 #ifndef O_NOFOLLOW
 #define O_NOFOLLOW      0
 #endif
+#ifndef O_CLOEXEC
+#define O_CLOEXEC       0
+#endif
+#ifndef SOCK_CLOEXEC
+#define SOCK_CLOEXEC    0
+#endif
 
 /* additional file share flags for win32 */
 #ifdef __WIN__
diff --git a/mysys/my_symlink.c b/mysys/my_symlink.c
index 12959f1f24a..f2dd2e596ff 100644
--- a/mysys/my_symlink.c
+++ b/mysys/my_symlink.c
@@ -236,7 +236,7 @@ const char *my_open_parent_dir_nosymlinks(const char *pathname, int *pdfd)
       return pathname + (s - buf);
     }
 
-    fd = openat(dfd, s, O_NOFOLLOW | O_PATH);
+    fd = openat(dfd, s, O_NOFOLLOW | O_PATH | O_CLOEXEC);
     if (fd < 0)
       goto err;
 
diff --git a/sql/log.cc b/sql/log.cc
index 4760e668aeb..ca7833a0460 100644
--- a/sql/log.cc
+++ b/sql/log.cc
@@ -2466,7 +2466,7 @@ bool MYSQL_LOG::open(
   File file= -1;
   my_off_t seek_offset;
   bool is_fifo = false;
-  int open_flags= O_CREAT | O_BINARY;
+  int open_flags= O_CREAT | O_BINARY | O_CLOEXEC;
   DBUG_ENTER("MYSQL_LOG::open");
   DBUG_PRINT("enter", ("log_type: %d", (int) log_type_arg));
 
@@ -3088,7 +3088,7 @@ bool MYSQL_BIN_LOG::open_index_file(const char *index_file_name_arg,
             ".index", opt);
   if ((index_file_nr= mysql_file_open(m_key_file_log_index,
                                       index_file_name,
-                                      O_RDWR | O_CREAT | O_BINARY,
+                                      O_RDWR | O_CREAT | O_BINARY | O_CLOEXEC,
                                       MYF(MY_WME))) < 0 ||
        mysql_file_sync(index_file_nr, MYF(MY_WME)) ||
        init_io_cache(&index_file, index_file_nr,
@@ -7045,14 +7045,14 @@ int TC_LOG_MMAP::open(const char *opt_name)
   DBUG_ASSERT(TC_LOG_PAGE_SIZE % tc_log_page_size == 0);
 
   fn_format(logname,opt_name,mysql_data_home,"",MY_UNPACK_FILENAME);
-  if ((fd= mysql_file_open(key_file_tclog, logname, O_RDWR, MYF(0))) < 0)
+  if ((fd= mysql_file_open(key_file_tclog, logname, O_RDWR | O_CLOEXEC, MYF(0))) < 0)
   {
     if (my_errno != ENOENT)
       goto err;
     if (using_heuristic_recover())
       return 1;
     if ((fd= mysql_file_create(key_file_tclog, logname, CREATE_MODE,
-                               O_RDWR, MYF(MY_WME))) < 0)
+                               O_RDWR | O_CLOEXEC, MYF(MY_WME))) < 0)
       goto err;
     inited=1;
     file_length= opt_tc_log_size;
diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc
index 3a96763d6c2..c9eee5b4dcd 100644
--- a/storage/innobase/handler/ha_innodb.cc
+++ b/storage/innobase/handler/ha_innodb.cc
@@ -1411,8 +1411,12 @@ innobase_mysql_tmpfile(void)
 			}	
 		}
 #else
+#ifdef F_DUPFD_CLOEXEC
+		fd2 = fcntl(fd, F_DUPFD_CLOEXEC, 0);
+#else
 		fd2 = dup(fd);
 #endif
+#endif
 		if (fd2 < 0) {
 			DBUG_PRINT("error",("Got error %d on dup",fd2));
 			my_errno=errno;
diff --git a/storage/innobase/os/os0file.c b/storage/innobase/os/os0file.c
index a6156e555b5..a410d4644ac 100644
--- a/storage/innobase/os/os0file.c
+++ b/storage/innobase/os/os0file.c
@@ -1184,10 +1184,10 @@ try_again:
 	}
 
 	if (create_mode == OS_FILE_CREATE) {
-		file = open(name, create_flag, S_IRUSR | S_IWUSR
+		file = open(name, create_flag | O_CLOEXEC, S_IRUSR | S_IWUSR
 			    | S_IRGRP | S_IWGRP);
 	} else {
-		file = open(name, create_flag);
+		file = open(name, create_flag | O_CLOEXEC);
 	}
 
 	if (file == -1) {
@@ -1631,7 +1631,7 @@ try_again:
 	}
 #endif /* O_SYNC */
 
-	file = open(name, create_flag, os_innodb_umask);
+	file = open(name, create_flag | O_CLOEXEC, os_innodb_umask);
 
 	if (file == -1) {
 		*success = FALSE;
diff --git a/storage/maria/ma_control_file.c b/storage/maria/ma_control_file.c
index 2fa3e6ed18e..11cb4c5fd24 100644
--- a/storage/maria/ma_control_file.c
+++ b/storage/maria/ma_control_file.c
@@ -273,7 +273,7 @@ CONTROL_FILE_ERROR ma_control_file_open(my_bool create_if_missing,
     " file is probably in use by another process";
   uint new_cf_create_time_size, new_cf_changeable_size, new_block_size;
   my_off_t file_size;
-  int open_flags= O_BINARY | /*O_DIRECT |*/ O_RDWR;
+  int open_flags= O_BINARY | /*O_DIRECT |*/ O_RDWR | O_CLOEXEC;
   int error= CONTROL_FILE_UNKNOWN_ERROR;
   DBUG_ENTER("ma_control_file_open");
 
diff --git a/storage/maria/ma_loghandler.c b/storage/maria/ma_loghandler.c
index 2118b3b6ce6..f31662ce003 100644
--- a/storage/maria/ma_loghandler.c
+++ b/storage/maria/ma_loghandler.c
@@ -942,7 +942,7 @@ static File create_logfile_by_number_no_cache(uint32 file_no)
   /* TODO: add O_DIRECT to open flags (when buffer is aligned) */
   if ((file= mysql_file_create(key_file_translog,
                                translog_filename_by_fileno(file_no, path),
-                               0, O_BINARY | O_RDWR, MYF(MY_WME))) < 0)
+                               0, O_BINARY | O_RDWR | O_CLOEXEC, MYF(MY_WME))) < 0)
   {
     DBUG_PRINT("error", ("Error %d during creating file '%s'", errno, path));
     translog_stop_writing();
@@ -979,7 +979,7 @@ static File open_logfile_by_number_no_cache(uint32 file_no)
   /* TODO: use mysql_file_create() */
   if ((file= mysql_file_open(key_file_translog,
                              translog_filename_by_fileno(file_no, path),
-                             log_descriptor.open_flags,
+                             log_descriptor.open_flags | O_CLOEXEC,
                              MYF(MY_WME))) < 0)
   {
     DBUG_PRINT("error", ("Error %d during opening file '%s'", errno, path));
@@ -3263,7 +3263,7 @@ static my_bool translog_get_last_page_addr(TRANSLOG_ADDRESS *addr,
     File fd;
     if ((fd= mysql_file_open(key_file_translog,
                              translog_filename_by_fileno(file_no, path),
-                             O_RDONLY, (no_errors ? MYF(0) : MYF(MY_WME)))) < 0)
+                             O_RDONLY | O_CLOEXEC, (no_errors ? MYF(0) : MYF(MY_WME)))) < 0)
     {
       my_errno= errno;
       DBUG_PRINT("error", ("Error %d during opening file #%d",
diff --git a/storage/maria/ma_open.c b/storage/maria/ma_open.c
index a382c30e025..d9ff2179691 100644
--- a/storage/maria/ma_open.c
+++ b/storage/maria/ma_open.c
@@ -314,13 +314,13 @@ MARIA_HA *maria_open(const char *name, int mode, uint open_flags)
                     });
     DEBUG_SYNC_C("mi_open_kfile");
     if ((kfile=mysql_file_open(key_file_kfile, name_buff,
-                               (open_mode=O_RDWR) | O_SHARE | O_NOFOLLOW,
+                               (open_mode=O_RDWR) | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
                                MYF(MY_NOSYMLINKS))) < 0)
     {
       if ((errno != EROFS && errno != EACCES) ||
 	  mode != O_RDONLY ||
 	  (kfile=mysql_file_open(key_file_kfile, name_buff,
-                                 (open_mode=O_RDONLY) | O_SHARE | O_NOFOLLOW,
+                                 (open_mode=O_RDONLY) | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
                                  MYF(MY_NOSYMLINKS))) < 0)
 	goto err;
     }
@@ -1885,7 +1885,7 @@ int _ma_open_datafile(MARIA_HA *info, MARIA_SHARE *share)
   DEBUG_SYNC_C("mi_open_datafile");
   info->dfile.file= share->bitmap.file.file=
     mysql_file_open(key_file_dfile, share->data_file_name.str,
-                    share->mode | O_SHARE, MYF(flags));
+                    share->mode | O_SHARE | O_CLOEXEC, MYF(flags));
   return info->dfile.file >= 0 ? 0 : 1;
 }
 
@@ -1899,7 +1899,7 @@ int _ma_open_keyfile(MARIA_SHARE *share)
   mysql_mutex_lock(&share->intern_lock);
   share->kfile.file= mysql_file_open(key_file_kfile,
                                      share->unique_file_name.str,
-                                     share->mode | O_SHARE | O_NOFOLLOW,
+                                     share->mode | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
                              MYF(MY_WME | MY_NOSYMLINKS));
   mysql_mutex_unlock(&share->intern_lock);
   return (share->kfile.file < 0);
diff --git a/storage/myisam/mi_open.c b/storage/myisam/mi_open.c
index 86b70129203..9775aade9c1 100644
--- a/storage/myisam/mi_open.c
+++ b/storage/myisam/mi_open.c
@@ -117,13 +117,13 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
 
     DEBUG_SYNC_C("mi_open_kfile");
     if ((kfile= mysql_file_open(mi_key_file_kfile, name_buff,
-                                (open_mode= O_RDWR) | O_SHARE | O_NOFOLLOW,
+                                (open_mode= O_RDWR) | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
                                 MYF(MY_NOSYMLINKS))) < 0)
     {
       if ((errno != EROFS && errno != EACCES) ||
 	  mode != O_RDONLY ||
           (kfile= mysql_file_open(mi_key_file_kfile, name_buff,
-                                  (open_mode= O_RDONLY) | O_SHARE| O_NOFOLLOW,
+                                  (open_mode= O_RDONLY) | O_SHARE| O_NOFOLLOW | O_CLOEXEC,
                                   MYF(MY_NOSYMLINKS))) < 0)
 	goto err;
     }
@@ -1249,7 +1249,7 @@ int mi_open_datafile(MI_INFO *info, MYISAM_SHARE *share)
   myf flags= MY_WME | (share->mode & O_NOFOLLOW ? MY_NOSYMLINKS: 0);
   DEBUG_SYNC_C("mi_open_datafile");
   info->dfile= mysql_file_open(mi_key_file_dfile, share->data_file_name,
-                               share->mode | O_SHARE, MYF(flags));
+                               share->mode | O_SHARE | O_CLOEXEC, MYF(flags));
   return info->dfile >= 0 ? 0 : 1;
 }
 
@@ -1258,7 +1258,7 @@ int mi_open_keyfile(MYISAM_SHARE *share)
 {
   if ((share->kfile= mysql_file_open(mi_key_file_kfile,
                                      share->unique_file_name,
-                                     share->mode | O_SHARE | O_NOFOLLOW,
+                                     share->mode | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
                                      MYF(MY_NOSYMLINKS | MY_WME))) < 0)
     return 1;
   return 0;
diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc
index f99ae7c7de9..04fbcd1a9fd 100644
--- a/storage/xtradb/handler/ha_innodb.cc
+++ b/storage/xtradb/handler/ha_innodb.cc
@@ -1678,8 +1678,12 @@ innobase_mysql_tmpfile(void)
 			}	
 		}
 #else
+#ifdef F_DUPFD_CLOEXEC
+		fd2 = fcntl(fd, F_DUPFD_CLOEXEC, 0);
+#else
 		fd2 = dup(fd);
 #endif
+#endif
 		if (fd2 < 0) {
 			DBUG_PRINT("error",("Got error %d on dup",fd2));
 			my_errno=errno;
diff --git a/storage/xtradb/os/os0file.c b/storage/xtradb/os/os0file.c
index 8e5cc9a6ba6..d0f014e8f08 100644
--- a/storage/xtradb/os/os0file.c
+++ b/storage/xtradb/os/os0file.c
@@ -1286,10 +1286,10 @@ try_again:
 	}
 
 	if (create_mode == OS_FILE_CREATE) {
-		file = open(name, create_flag, S_IRUSR | S_IWUSR
+		file = open(name, create_flag | O_CLOEXEC, S_IRUSR | S_IWUSR
 			    | S_IRGRP | S_IWGRP);
 	} else {
-		file = open(name, create_flag);
+		file = open(name, create_flag | O_CLOEXEC);
 	}
 
 	if (file == -1) {
@@ -1752,7 +1752,7 @@ try_again:
 	}
 #endif /* O_SYNC */
 
-	file = open(name, create_flag, os_innodb_umask);
+	file = open(name, create_flag | O_CLOEXEC, os_innodb_umask);
 
 	if (file == -1) {
 		*success = FALSE;
author	Jan Lindström <jan.lindstrom@mariadb.com>	2018-03-14 10:29:47 +0200
committer	GitHub <noreply@github.com>	2018-03-14 10:29:47 +0200
commit	804a7e60d746adf95001d58ee25062c8f4157928 (patch)
tree	8591d9e64041bd44632a0b9e1a5fd8d25b520ec6
parent	09b25f85966f44aae933e86b84b4ebe59ded47c3 (diff)
parent	d3c0e34bdc99ee57fd5d63237d29531d1afdef2b (diff)
download	mariadb-git-804a7e60d746adf95001d58ee25062c8f4157928.tar.gz