diff options
| author | Shishir Jaiswal <shishir.j.jaiswal@oracle.com> | 2017-12-02 15:12:32 +0530 |
|---|---|---|
| committer | Shishir Jaiswal <shishir.j.jaiswal@oracle.com> | 2017-12-02 15:12:32 +0530 |
| commit | ecc5a07874d44307b835ff5dbd091343961fbc93 (patch) | |
| tree | 63b0ef914f4aca7289bb5ec48de86ebad1fc7a62 /sql/CMakeLists.txt | |
| parent | 8bc828b982f678d6b57c1853bbe78080c8f84e84 (diff) | |
| download | mariadb-git-ecc5a07874d44307b835ff5dbd091343961fbc93.tar.gz | |
Bug#26585560 - MYSQL DAEMON SHOULD CREATE ITS PID FILE AS
ROOT
DESCRIPTION
===========
If the .pid file is created at a world-writable location,
it can be compromised by replacing the server's pid with
another running server's (or some other non-mysql process)
PID causing abnormal behaviour.
ANALYSIS
========
In such a case, user should be warned that .pid file is
being created at a world-writable location.
FIX
===
A new function is_file_or_dir_world_writable() is defined
and it is called in create_pid_file() before .pid file
creation. If the location is world-writable, a relevant
warning is thrown.
NOTE
====
1. PID file is always created with permission bit 0664, so
for outside world its read-only.
2. Ignoring the case when permission is denied to get the
dir stats since the .pid file creation would fail anyway in
such a case.
Diffstat (limited to 'sql/CMakeLists.txt')
| -rw-r--r-- | sql/CMakeLists.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/CMakeLists.txt b/sql/CMakeLists.txt index 531561ac36d..aa7e0312e05 100644 --- a/sql/CMakeLists.txt +++ b/sql/CMakeLists.txt @@ -78,7 +78,7 @@ SET (SQL_SOURCE sql_profile.cc event_parse_data.cc sql_alter.cc sql_signal.cc rpl_handler.cc mdl.cc sql_admin.cc transaction.cc sys_vars.cc sql_truncate.cc datadict.cc - sql_reload.cc + sql_reload.cc ../sql-common/my_path_permissions.cc ${GEN_SOURCES} ${CONF_SOURCES} ${MYSYS_LIBWRAP_SOURCE}) |