author | Shishir Jaiswal <shishir.j.jaiswal@oracle.com> | 2017-12-02 15:12:32 +0530 |
---|---|---|
committer | Shishir Jaiswal <shishir.j.jaiswal@oracle.com> | 2017-12-02 15:12:32 +0530 |
commit | ecc5a07874d44307b835ff5dbd091343961fbc93 (patch) | |
tree | 63b0ef914f4aca7289bb5ec48de86ebad1fc7a62 /include | |
parent | 8bc828b982f678d6b57c1853bbe78080c8f84e84 (diff) | |
download | mariadb-git-ecc5a07874d44307b835ff5dbd091343961fbc93.tar.gz |
Bug#26585560 - MYSQL DAEMON SHOULD CREATE ITS PID FILE AS ROOT

DESCRIPTION
===========
If the .pid file is created at a world-writable location,
it can be compromised by replacing the server's pid with
another running server's (or some other non-mysql process)
PID causing abnormal behaviour.

ANALYSIS
========
In such a case, user should be warned that .pid file is
being created at a world-writable location.

FIX
===
A new function is_file_or_dir_world_writable() is defined
and it is called in create_pid_file() before .pid file
creation. If the location is world-writable, a relevant
warning is thrown.

NOTE
====
1. PID file is always created with permission bit 0664, so
for outside world it's read-only.
2. Ignoring the case when permission is denied to get the
dir stats since the .pid file creation would fail anyway in
such a case.
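
The kind of check the commit message describes, as an added example that is not code from this commit or from the server tree. `pid_path_world_writable()` is a hypothetical name and the sample paths are constructed; it goes slightly beyond the message by testing both an existing PID file and the directory that holds it.

```c
#include <errno.h>
#include <libgen.h>
#include <stdio.h>
#include <sys/stat.h>

/* Hypothetical helper for illustration; not the server's
   is_file_or_dir_world_writable(). Returns 1 if the PID file or the
   directory that holds it is writable by "other", 0 if neither is,
   -1 if the directory could not be examined. */
int pid_path_world_writable(const char *pid_path)
{
  struct stat st;
  char copy[4096];
  const char *dir;

  /* An existing PID file that "other" can write can be overwritten in place. */
  if (stat(pid_path, &st) == 0 && (st.st_mode & S_IWOTH))
    return 1;

  /* dirname() may modify its argument, so work on a copy. */
  if (snprintf(copy, sizeof(copy), "%s", pid_path) >= (int) sizeof(copy))
  {
    errno = ENAMETOOLONG;
    return -1;
  }
  dir = dirname(copy);

  /* A directory "other" can write lets anyone create or replace the file. */
  if (stat(dir, &st) != 0)
    return -1;   /* e.g. EACCES or ENOENT: creating the file would fail too */
  return (st.st_mode & S_IWOTH) ? 1 : 0;
}

int main(void)
{
  /* Constructed sample paths; substitute the configured pid-file path. */
  const char *samples[] = { "/tmp/mysqld.pid", "/var/run/mysqld/mysqld.pid" };
  size_t i;
  for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
  {
    int r = pid_path_world_writable(samples[i]);
    if (r == 1)
      fprintf(stderr, "[Warning] %s is in a world-writable location\n", samples[i]);
    else if (r < 0)
      perror(samples[i]);
  }
  return 0;
}
```
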
Diffstat (limited to 'include')
-rw-r--r-- | include/sql_common.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/sql_common.h b/include/sql_common.h index 05bbb5a4f53..45e90d438fb 100644 --- a/include/sql_common.h +++ b/include/sql_common.h @@ -107,6 +107,7 @@ void mysql_client_plugin_deinit(); struct st_mysql_client_plugin; extern struct st_mysql_client_plugin *mysql_client_builtins[]; extern my_bool libmysql_cleartext_plugin_enabled; +int is_file_or_dir_world_writable(const char *filepath); #ifdef __cplusplus } |
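
Review bot: The added prototype `int is_file_or_dir_world_writable(const char *filepath);` carries no comment giving its return contract, and with an `int` return a caller cannot tell from the header whether nonzero means "world-writable" or "error". Please document the values next to the declaration, including what is returned when the path cannot be stat'ed, a case the commit message says is deliberately ignored. If the result is purely yes/no, `my_bool` would match the neighbouring `libmysql_cleartext_plugin_enabled` declaration. It is also worth a second look at whether this header is the right home: the surrounding lines are client plugin declarations (`mysql_client_plugin_deinit`, `mysql_client_builtins`), while the only caller named in the commit message is create_pid_file().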