Bug#32167 another privilege bypass with DATA/INDEX DIRECORY(3rd version for 5.1)

added new function test_if_data_home_dir() which checks that path does not contain mysql data home directory. Using of 'mysql data home'/'any db name' in DATA DIRECTORY & INDEX DIRECTORY is disallowed mysql-test/r/partition.result: test result mysql-test/r/partition_not_windows.result: result fix mysql-test/r/partition_symlink.result: result fix mysql-test/r/symlink.result: test result update mysql-test/t/partition.test: test case mysql-test/t/partition_not_windows.test: test case update mysql-test/t/partition_symlink.test: test case update mysql-test/t/symlink.test: test case sql/mysql_priv.h: new variable mysql_unpacked_real_data_home sql/mysqld.cc: new variable mysql_unpacked_real_data_home sql/partition_info.cc: new check_partition_dirs() which checks data directory and index directory for partition elements sql/partition_info.h: new check_partition_dirs() which checks data directory and index directory for partition elements sql/sql_parse.cc: added new function test_if_data_home_dir() which checks that path does not contain mysql data home directory. Using of 'mysql data home'/'any db name' in DATA DIRECTORY & INDEX DIRECTORY is disallowed
author: unknown <gluh@mysql.com/eagle.(none)> 2008-02-28 16:46:52 +0400
committer: unknown <gluh@mysql.com/eagle.(none)> 2008-02-28 16:46:52 +0400
commit: 1af419436456808d05063810dfbeb11ac6aae9aa (patch)
tree: 27bc731a8940e594404bf9434eaf2ea42c43308e /mysql-test/t/partition_symlink.test
parent: 9c0ee58fc4db70b2189902beec1e9056213cde3f (diff)
download: mariadb-git-1af419436456808d05063810dfbeb11ac6aae9aa.tar.gz
1 files changed, 23 insertions, 17 deletions
diff --git a/mysql-test/t/partition_symlink.test b/mysql-test/t/partition_symlink.test
index ab779ec2b68..4c6acec64eb 100644
--- a/mysql-test/t/partition_symlink.test
+++ b/mysql-test/t/partition_symlink.test
@@ -24,6 +24,10 @@ DROP DATABASE IF EXISTS mysqltest2;
 # files, but not the other way around (any db-user can use any
 # directory or file that the mysqld-process can use, via DATA/INDEX DIR)
 # this is the security flaw that was used in bug#32091 and bug#32111
+
+#--exec mkdir $MYSQLTEST_VARDIR/tmp/test || true
+#--exec mkdir $MYSQLTEST_VARDIR/tmp/mysqltest2 || true
+
 -- echo # Creating two non colliding tables mysqltest2.t1 and test.t1
 -- echo # test.t1 have partitions in mysqltest2-directory!
 -- echo # user root:
@@ -39,11 +43,11 @@ connect(con1,localhost,mysqltest_1,,);
   eval CREATE TABLE t1 (a INT)
    PARTITION BY LIST (a) (
     PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp',
     PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp',
     PARTITION p2 VALUES IN (2)
   );
   -- echo # without the patch for bug#32091 this would create
@@ -74,17 +78,18 @@ connection default;
 # So it is using/blocking 2 files in (in 2 different directories
 -- echo # test that symlinks can not overwrite files when CREATE TABLE
 -- echo # user root:
+
   CREATE DATABASE mysqltest2;
   USE mysqltest2;
   -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
   eval CREATE TABLE t1 (a INT)
    PARTITION BY LIST (a) (
     PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp',
     PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp'
    );
 connection con1;
 -- echo # user mysqltest_1:
@@ -94,22 +99,22 @@ connection con1;
   eval CREATE TABLE t1 (a INT)
    PARTITION BY LIST (a) (
     PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp',
     PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp'
    );
   -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
   -- error 1,1
   eval CREATE TABLE t1 (a INT)
    PARTITION BY LIST (a) (
     PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp',
     PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp'
   );
 connection default;
 -- echo # user root (cleanup):
@@ -118,4 +123,5 @@ connection default;
   DROP USER mysqltest_1@localhost;
   disconnect con1;
 
-
+#--exec rmdir $MYSQLTEST_VARDIR/tmp/test || true
+#--exec rmdir $MYSQLTEST_VARDIR/tmp/mysqltest2 || true
author	unknown <gluh@mysql.com/eagle.(none)>	2008-02-28 16:46:52 +0400
committer	unknown <gluh@mysql.com/eagle.(none)>	2008-02-28 16:46:52 +0400
commit	1af419436456808d05063810dfbeb11ac6aae9aa (patch)
tree	27bc731a8940e594404bf9434eaf2ea42c43308e /mysql-test/t/partition_symlink.test
parent	9c0ee58fc4db70b2189902beec1e9056213cde3f (diff)
download	mariadb-git-1af419436456808d05063810dfbeb11ac6aae9aa.tar.gz