Bug #11764517: 57359: POSSIBLE TO CIRCUMVENT SECURE_FILE_PRIV

USING '..' ON WINDOWS Backport of the fix to 5.0 (to be null-merged to 5.1). Moved the test into the main test suite. Made mysql-test-run.pl to not use symlinks for sdtdata as the symlinks are now properly recognized by secure_file_priv. Made sure the paths in load_file(), LOAD DATA and SELECT .. INTO OUTFILE that are checked against secure_file_priv in a correct way similarly to 5.1 by the extended is_secure_file_path() backport before the comparison. Added an extensive test with all the variants of upper/lower case, slash/backslash and case sensitivity. Added few comments to the code.
author: Georgi Kodinov <Georgi.Kodinov@Oracle.com> 2011-04-28 12:22:41 +0300
committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com> 2011-04-28 12:22:41 +0300
commit: 59d7516005af28dce97c3f4251e2d7da2e31d203 (patch)
tree: 65c1bdb17e8f4d53ba52f73aef750d72c771c28b /mysql-test/t/secure_file_priv_win-master.opt
parent: 0d2f7502b5d10fe3c6ac0be134e8fab660d5c6da (diff)
download: mariadb-git-59d7516005af28dce97c3f4251e2d7da2e31d203.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/mysql-test/t/secure_file_priv_win-master.opt b/mysql-test/t/secure_file_priv_win-master.opt
new file mode 100644
index 00000000000..e9a43a5584d
--- /dev/null
+++ b/mysql-test/t/secure_file_priv_win-master.opt
@@ -0,0 +1 @@
+--secure_file_priv=$MYSQL_TMP_DIR
author	Georgi Kodinov <Georgi.Kodinov@Oracle.com>	2011-04-28 12:22:41 +0300
committer	Georgi Kodinov <Georgi.Kodinov@Oracle.com>	2011-04-28 12:22:41 +0300
commit	59d7516005af28dce97c3f4251e2d7da2e31d203 (patch)
tree	65c1bdb17e8f4d53ba52f73aef750d72c771c28b /mysql-test/t/secure_file_priv_win-master.opt
parent	0d2f7502b5d10fe3c6ac0be134e8fab660d5c6da (diff)
download	mariadb-git-59d7516005af28dce97c3f4251e2d7da2e31d203.tar.gz