From 1af419436456808d05063810dfbeb11ac6aae9aa Mon Sep 17 00:00:00 2001
From: unknown <gluh@mysql.com/eagle.(none)>
Date: Thu, 28 Feb 2008 16:46:52 +0400
Subject: Bug#32167 another privilege bypass with DATA/INDEX DIRECORY(3rd
 version for 5.1) added new function test_if_data_home_dir() which checks that
 path does not contain mysql data home directory. Using of 'mysql data
 home'/'any db name' in DATA DIRECTORY & INDEX DIRECTORY is disallowed

mysql-test/r/partition.result:
  test result
mysql-test/r/partition_not_windows.result:
  result fix
mysql-test/r/partition_symlink.result:
  result fix
mysql-test/r/symlink.result:
  test result update
mysql-test/t/partition.test:
  test case
mysql-test/t/partition_not_windows.test:
  test case update
mysql-test/t/partition_symlink.test:
  test case update
mysql-test/t/symlink.test:
  test case
sql/mysql_priv.h:
  new variable mysql_unpacked_real_data_home
sql/mysqld.cc:
  new variable mysql_unpacked_real_data_home
sql/partition_info.cc:
  new check_partition_dirs() which checks
  data directory and index directory for partition elements
sql/partition_info.h:
  new check_partition_dirs() which checks
  data directory and index directory for partition elements
sql/sql_parse.cc:
  added new function test_if_data_home_dir() which checks that
  path does not contain mysql data home directory.
  Using of 'mysql data home'/'any db name' in
  DATA DIRECTORY & INDEX DIRECTORY is disallowed
---
 mysql-test/t/partition_symlink.test | 40 +++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 17 deletions(-)

(limited to 'mysql-test/t/partition_symlink.test')

diff --git a/mysql-test/t/partition_symlink.test b/mysql-test/t/partition_symlink.test
index ab779ec2b68..4c6acec64eb 100644
--- a/mysql-test/t/partition_symlink.test
+++ b/mysql-test/t/partition_symlink.test
@@ -24,6 +24,10 @@ DROP DATABASE IF EXISTS mysqltest2;
 # files, but not the other way around (any db-user can use any
 # directory or file that the mysqld-process can use, via DATA/INDEX DIR)
 # this is the security flaw that was used in bug#32091 and bug#32111
+
+#--exec mkdir $MYSQLTEST_VARDIR/tmp/test || true
+#--exec mkdir $MYSQLTEST_VARDIR/tmp/mysqltest2 || true
+
 -- echo # Creating two non colliding tables mysqltest2.t1 and test.t1
 -- echo # test.t1 have partitions in mysqltest2-directory!
 -- echo # user root:
@@ -39,11 +43,11 @@ connect(con1,localhost,mysqltest_1,,);
   eval CREATE TABLE t1 (a INT)
    PARTITION BY LIST (a) (
     PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp',
     PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp',
     PARTITION p2 VALUES IN (2)
   );
   -- echo # without the patch for bug#32091 this would create
@@ -74,17 +78,18 @@ connection default;
 # So it is using/blocking 2 files in (in 2 different directories
 -- echo # test that symlinks can not overwrite files when CREATE TABLE
 -- echo # user root:
+
   CREATE DATABASE mysqltest2;
   USE mysqltest2;
   -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
   eval CREATE TABLE t1 (a INT)
    PARTITION BY LIST (a) (
     PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp',
     PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp'
    );
 connection con1;
 -- echo # user mysqltest_1:
@@ -94,22 +99,22 @@ connection con1;
   eval CREATE TABLE t1 (a INT)
    PARTITION BY LIST (a) (
     PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp',
     PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp'
    );
   -- replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
   -- error 1,1
   eval CREATE TABLE t1 (a INT)
    PARTITION BY LIST (a) (
     PARTITION p0 VALUES IN (0)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/test'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/test',
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp',
     PARTITION p1 VALUES IN (1)
-     DATA DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
-     INDEX DIRECTORY '$MYSQLTEST_VARDIR/master-data/mysqltest2'
+     DATA DIRECTORY '$MYSQLTEST_VARDIR/tmp'
+     INDEX DIRECTORY '$MYSQLTEST_VARDIR/tmp'
   );
 connection default;
 -- echo # user root (cleanup):
@@ -118,4 +123,5 @@ connection default;
   DROP USER mysqltest_1@localhost;
   disconnect con1;
 
-
+#--exec rmdir $MYSQLTEST_VARDIR/tmp/test || true
+#--exec rmdir $MYSQLTEST_VARDIR/tmp/mysqltest2 || true
-- 
cgit v1.2.1