Bug#18628 mysql-test-run: security problem(part1)

- Implement --secure-file-priv=<dir> option that limits "load_file", "LOAD DATA" and "SELECT .. INTO OUTFILE" to work with files in specified dir. - Use above option for mysqld in mysql-test-run.pl
author: msvensson@pilot.mysql.com <> 2007-02-14 14:44:34 +0100
committer: msvensson@pilot.mysql.com <> 2007-02-14 14:44:34 +0100
commit: 45fe5879f4e3130acbe112a200dd79db03707d16 (patch)
tree: f44f19f58dde92ae9260a654f9d2d1be4cd163f5 /mysql-test/r/loaddata.result
parent: d1a7949297a5475765c35566747c627abc15c4ac (diff)
download: mariadb-git-45fe5879f4e3130acbe112a200dd79db03707d16.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/mysql-test/r/loaddata.result b/mysql-test/r/loaddata.result
index d415bd468e0..83c7b37d914 100644
--- a/mysql-test/r/loaddata.result
+++ b/mysql-test/r/loaddata.result
@@ -139,4 +139,20 @@ select * from t1;
 a	b	c
 10	NULL	Ten
 15	NULL	Fifteen
+show variables like "secure_file_pri%";
+Variable_name	Value
+secure_file_priv	MYSQLTEST_VARDIR/
+select @@secure_file_priv;
+@@secure_file_priv
+MYSQLTEST_VARDIR/
+set @@secure_file_priv= 0;
+ERROR HY000: Variable 'secure_file_priv' is a read only variable
+truncate table t1;
+load data infile 'MYSQL_TEST_DIR/Makefile' into table t1;
+ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+select * from t1;
+a	b	c
+select load_file("MYSQL_TEST_DIR/Makefile");
+load_file("MYSQL_TEST_DIR/Makefile")
+NULL
 drop table t1, t2;
author	msvensson@pilot.mysql.com <>	2007-02-14 14:44:34 +0100
committer	msvensson@pilot.mysql.com <>	2007-02-14 14:44:34 +0100
commit	45fe5879f4e3130acbe112a200dd79db03707d16 (patch)
tree	f44f19f58dde92ae9260a654f9d2d1be4cd163f5 /mysql-test/r/loaddata.result
parent	d1a7949297a5475765c35566747c627abc15c4ac (diff)
download	mariadb-git-45fe5879f4e3130acbe112a200dd79db03707d16.tar.gz