BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE

RENAME TABLE against a table with DATA/INDEX DIRECTORY overwrites the file to which the symlink points. This is security issue, because it is possible to create a table with some name in some non-system database and set DATA/INDEX DIRECTORY to mysql system database. Renaming this table to one of mysql system tables (e.g. user, host) would overwrite the system table. Return an error when the file to which the symlink points exist.
author: svoj@mysql.com/june.mysql.com <> 2007-11-06 18:09:33 +0400
committer: svoj@mysql.com/june.mysql.com <> 2007-11-06 18:09:33 +0400
commit: d06e2f922354bb1f98f5fe434ea5445c99af215d (patch)
tree: 5f5c06038a6e7b16dd4b68129841b6f35fa87527 /mysql-test/t/symlink.test
parent: 5cbe511f3b8309093ec9314e6eace5a2d39d0db1 (diff)
download: mariadb-git-d06e2f922354bb1f98f5fe434ea5445c99af215d.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/mysql-test/t/symlink.test b/mysql-test/t/symlink.test
index 7a42a60054e..9750e6fdfdd 100644
--- a/mysql-test/t/symlink.test
+++ b/mysql-test/t/symlink.test
@@ -112,3 +112,15 @@ eval alter table t1 index directory="$MYSQL_TEST_DIR/var/log";
 enable_query_log;
 show create table t1;
 drop table t1;
+
+#
+# BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
+#
+--replace_result $MYSQL_TEST_DIR TEST_DIR
+eval CREATE TABLE t1(a INT)
+DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/mysql'
+INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data/mysql';
+--replace_result $MYSQL_TEST_DIR TEST_DIR
+--error 1
+RENAME TABLE t1 TO user;
+DROP TABLE t1;
author	svoj@mysql.com/june.mysql.com <>	2007-11-06 18:09:33 +0400
committer	svoj@mysql.com/june.mysql.com <>	2007-11-06 18:09:33 +0400
commit	d06e2f922354bb1f98f5fe434ea5445c99af215d (patch)
tree	5f5c06038a6e7b16dd4b68129841b6f35fa87527 /mysql-test/t/symlink.test
parent	5cbe511f3b8309093ec9314e6eace5a2d39d0db1 (diff)
download	mariadb-git-d06e2f922354bb1f98f5fe434ea5445c99af215d.tar.gz