diff options
| author | Kristofer Pettersson <kristofer.pettersson@oracle.com> | 2010-12-16 11:49:40 +0100 |
|---|---|---|
| committer | Kristofer Pettersson <kristofer.pettersson@oracle.com> | 2010-12-16 11:49:40 +0100 |
| commit | 21da523f1796555fb61d5053ec8509ca3d74a2f6 (patch) | |
| tree | 7615e8932b30c6d5e4429f3d81aca286e900c337 /mysql-test/suite/sys_vars | |
| parent | 4ced023cb81e6465bd03cc38340e439f35dda1be (diff) | |
| download | mariadb-git-21da523f1796555fb61d5053ec8509ca3d74a2f6.tar.gz | |
Bug58747 57359 patch: breaks secure_file_priv+not secure yet+still accesses other folders
"load data infile .." allowed for access to
unautohorized tables.
Due to a faulty if-statement it was possible to
circumvent the secure_file_priv restriction.
mysql-test/mysql-test-run.pl:
* Add SECURE_LOAD_PATH environment variable to mtr test cases.
mysql-test/suite/sys_vars/r/secure_file_priv2.result:
* add test for bug58747
mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt:
* add test for bug58747
mysql-test/suite/sys_vars/t/secure_file_priv2.test:
* add test for bug58747
sql/sql_load.cc:
* Correct faulty if-statement
* fix indentation
* move my_stat() block to after is_secure_file_path() check.
Diffstat (limited to 'mysql-test/suite/sys_vars')
| -rw-r--r-- | mysql-test/suite/sys_vars/r/secure_file_priv2.result | 6 | ||||
| -rw-r--r-- | mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt | 1 | ||||
| -rw-r--r-- | mysql-test/suite/sys_vars/t/secure_file_priv2.test | 23 |
3 files changed, 30 insertions, 0 deletions
diff --git a/mysql-test/suite/sys_vars/r/secure_file_priv2.result b/mysql-test/suite/sys_vars/r/secure_file_priv2.result new file mode 100644 index 00000000000..ec91b6037d0 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/secure_file_priv2.result @@ -0,0 +1,6 @@ +CREATE TABLE t1 (c1 INT); +LOAD DATA INFILE "t1.MYI" into table t1; +ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement +LOAD DATA INFILE "/test" into table t1; +ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement +DROP TABLE t1; diff --git a/mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt b/mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt new file mode 100644 index 00000000000..1d9a49c8f75 --- /dev/null +++ b/mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt @@ -0,0 +1 @@ +--secure_file_priv=$SECURE_LOAD_PATH diff --git a/mysql-test/suite/sys_vars/t/secure_file_priv2.test b/mysql-test/suite/sys_vars/t/secure_file_priv2.test new file mode 100644 index 00000000000..0ca0a1839e1 --- /dev/null +++ b/mysql-test/suite/sys_vars/t/secure_file_priv2.test @@ -0,0 +1,23 @@ +# +# Bug58747 breaks secure_file_priv+not secure yet+still accesses other folders +# +CREATE TABLE t1 (c1 INT); +# +# Before the patch this statement failed with +# Linux: +# -> errno 13: 'Can't get stat of ' +# Windows: +# -> Warning 1366 Incorrect integer value: '■■☺' for +# -> column 'c1' at row 1 +# Now it should consistently fail with ER_OPTION_PREVENTS_STATEMENT +# on all platforms. +--error ER_OPTION_PREVENTS_STATEMENT +LOAD DATA INFILE "t1.MYI" into table t1; + +# +# The following test makes the assuption that /test isn't a valid path in any +# operating system running the test suite. +--error ER_OPTION_PREVENTS_STATEMENT +LOAD DATA INFILE "/test" into table t1; + +DROP TABLE t1; |