authorunknown <msvensson@pilot.mysql.com>2007-02-14 14:44:34 +0100
committerunknown <msvensson@pilot.mysql.com>2007-02-14 14:44:34 +0100
commitc4ae01e6f0e9055f0e541aa42a653c6ab0e24b7b (patch)
treef44f19f58dde92ae9260a654f9d2d1be4cd163f5 /sql/sql_load.cc
parente04d00100429373fc4575895cbd282d1289e6dbd (diff)
Bug#18628 mysql-test-run: security problem(part1)
- Implement --secure-file-priv=<dir> option that limits "load_file", "LOAD DATA" and "SELECT .. INTO OUTFILE" to work with files in specified dir. - Use above option for mysqld in mysql-test-run.pl mysql-test/mysql-test-run.pl: Add usage of --secure-file-priv=vardir when starting mysqld mysql-test/r/loaddata.result: Update test result after adding test to check that secure-file-priv works for "load data" and "load_file" mysql-test/r/outfile.result: Update result mysql-test/r/query_cache.result: Can't load from outside of vardir anymore mysql-test/r/type_blob.result: Can't load from outside of vardir anymore mysql-test/t/loaddata.test: Update test result after adding test to check that secure-file-priv works for "load data" and "load_file" mysql-test/t/outfile.test: Update test result after adding test to check that secure-file-priv works for "SELECT .. INTO OUTFILE" mysql-test/t/query_cache.test: Can't load from outside of vardir anymore mysql-test/t/type_blob.test: Can't load from outside of vardir anymore sql/item_strfunc.cc: Check that the path "load_file" uses for the file is within what's specified with --secure-file-priv sql/mysql_priv.h: Add secure_file_priv sql/mysqld.cc: Add "--secure_file_priv" sql/set_var.cc: Add variable "secure_file_priv" to "show variables" sql/sql_class.cc: Check that the path "load_file" uses for the file is within what's specified with --secure-file-priv sql/sql_class.h: Fix spelling error sql/sql_load.cc: Check that the path "load_file" uses for the file is within what's specified with --secure-file-priv sql/share/errmsg.txt: Fix Swedish error message for ER_OPTION_PREVENTS_STATEMENT which was hardcoded to --skip-grant-tables
Diffstat (limited to 'sql/sql_load.cc')
-rw-r--r--sql/sql_load.cc9
1 files changed, 9 insertions, 0 deletions
diff --git a/sql/sql_load.cc b/sql/sql_load.cc
index 0e4057d9ae4..ede70adc378 100644
--- a/sql/sql_load.cc
+++ b/sql/sql_load.cc
@@ -302,6 +302,15 @@ bool mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list,
if ((stat_info.st_mode & S_IFIFO) == S_IFIFO)
is_fifo = 1;
#endif
+
+ if (opt_secure_file_priv &&
+ strncmp(opt_secure_file_priv, name, strlen(opt_secure_file_priv)))
+ {
+ /* Read only allowed from within dir specified by secure_file_priv */
+ my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
+ DBUG_RETURN(TRUE);
+ }
+
}
if ((file=my_open(name,O_RDONLY,MYF(MY_WME))) < 0)
DBUG_RETURN(TRUE);
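Review bot: The guard `strncmp(opt_secure_file_priv, name, strlen(opt_secure_file_priv))` is a raw string-prefix test, so it does not enforce a directory boundary: when the option value has no trailing separator, a path that merely begins with the same characters (for example a sibling directory with a longer name) is accepted. It also treats `name` as plain text; whether `name` has already been made absolute with `..` components and symlinks resolved is decided earlier in mysql_load, outside this hunk, and should be confirmed, because an unresolved path can satisfy the prefix test while my_open() ends up reading a file elsewhere. I would normalise the option once at startup so that it always ends in `FN_LIBCHAR`, or after a successful match additionally require `name[strlen(opt_secure_file_priv)] == FN_LIBCHAR` when the option does not already end in the separator. The commit message describes the same check for sql/item_strfunc.cc and sql/sql_class.cc, so the point likely applies there too.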