Bug#18628 mysql-test-run: security problem(part1)

 - Implement --secure-file-priv=<dir> option that limits
  "load_file", "LOAD DATA" and "SELECT .. INTO OUTFILE" to work 
  with files in specified dir.
 - Use above option for mysqld in mysql-test-run.pl 
parent d1a79492
...@@ -3581,6 +3581,12 @@ sub mysqld_arguments ($$$$$) { ...@@ -3581,6 +3581,12 @@ sub mysqld_arguments ($$$$$) {
mtr_add_arg($args, "%s--basedir=%s", $prefix, $path_my_basedir); mtr_add_arg($args, "%s--basedir=%s", $prefix, $path_my_basedir);
mtr_add_arg($args, "%s--character-sets-dir=%s", $prefix, $path_charsetsdir); mtr_add_arg($args, "%s--character-sets-dir=%s", $prefix, $path_charsetsdir);
if ( $mysql_version_id >= 50036)
{
# Prevent the started mysqld to access files outside of vardir
mtr_add_arg($args, "%s--secure-file-priv=%s", $prefix, $opt_vardir);
}
if ( $mysql_version_id >= 50000 ) if ( $mysql_version_id >= 50000 )
{ {
mtr_add_arg($args, "%s--log-bin-trust-function-creators", $prefix); mtr_add_arg($args, "%s--log-bin-trust-function-creators", $prefix);
......
...@@ -139,4 +139,20 @@ select * from t1; ...@@ -139,4 +139,20 @@ select * from t1;
a b c a b c
10 NULL Ten 10 NULL Ten
15 NULL Fifteen 15 NULL Fifteen
show variables like "secure_file_pri%";
Variable_name Value
secure_file_priv MYSQLTEST_VARDIR/
select @@secure_file_priv;
@@secure_file_priv
MYSQLTEST_VARDIR/
set @@secure_file_priv= 0;
ERROR HY000: Variable 'secure_file_priv' is a read only variable
truncate table t1;
load data infile 'MYSQL_TEST_DIR/Makefile' into table t1;
ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
select * from t1;
a b c
select load_file("MYSQL_TEST_DIR/Makefile");
load_file("MYSQL_TEST_DIR/Makefile")
NULL
drop table t1, t2; drop table t1, t2;
...@@ -622,7 +622,7 @@ word ...@@ -622,7 +622,7 @@ word
show status like "Qcache_queries_in_cache"; show status like "Qcache_queries_in_cache";
Variable_name Value Variable_name Value
Qcache_queries_in_cache 1 Qcache_queries_in_cache 1
load data infile 'TEST_DIR/std_data/words.dat' into table t1; load data infile 'MYSQLTEST_VARDIR/std_data_ln/words.dat' into table t1;
show status like "Qcache_queries_in_cache"; show status like "Qcache_queries_in_cache";
Variable_name Value Variable_name Value
Qcache_queries_in_cache 0 Qcache_queries_in_cache 0
......
...@@ -506,26 +506,26 @@ create table t1 (id integer auto_increment unique,imagem LONGBLOB not null defau ...@@ -506,26 +506,26 @@ create table t1 (id integer auto_increment unique,imagem LONGBLOB not null defau
Warnings: Warnings:
Warning 1101 BLOB/TEXT column 'imagem' can't have a default value Warning 1101 BLOB/TEXT column 'imagem' can't have a default value
insert into t1 (id) values (1); insert into t1 (id) values (1);
select select
charset(load_file('../../std_data/words.dat')), charset(load_file('../std_data_ln/words.dat')),
collation(load_file('../../std_data/words.dat')), collation(load_file('../std_data_ln/words.dat')),
coercibility(load_file('../../std_data/words.dat')); coercibility(load_file('../std_data_ln/words.dat'));
charset(load_file('../../std_data/words.dat')) collation(load_file('../../std_data/words.dat')) coercibility(load_file('../../std_data/words.dat')) charset(load_file('../std_data_ln/words.dat')) collation(load_file('../std_data_ln/words.dat')) coercibility(load_file('../std_data_ln/words.dat'))
binary binary 4 binary binary 4
explain extended select explain extended select
charset(load_file('../../std_data/words.dat')), charset(load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat')),
collation(load_file('../../std_data/words.dat')), collation(load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat')),
coercibility(load_file('../../std_data/words.dat')); coercibility(load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat'));
id select_type table type possible_keys key key_len ref rows Extra id select_type table type possible_keys key key_len ref rows Extra
1 SIMPLE NULL NULL NULL NULL NULL NULL NULL No tables used 1 SIMPLE NULL NULL NULL NULL NULL NULL NULL No tables used
Warnings: Warnings:
Note 1003 select charset(load_file(_latin1'../../std_data/words.dat')) AS `charset(load_file('../../std_data/words.dat'))`,collation(load_file(_latin1'../../std_data/words.dat')) AS `collation(load_file('../../std_data/words.dat'))`,coercibility(load_file(_latin1'../../std_data/words.dat')) AS `coercibility(load_file('../../std_data/words.dat'))` Note 1003 select charset(load_file(_latin1'MYSQLTEST_VARDIR/std_data_ln/words.dat')) AS `charset(load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat'))`,collation(load_file(_latin1'MYSQLTEST_VARDIR/std_data_ln/words.dat')) AS `collation(load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat'))`,coercibility(load_file(_latin1'MYSQLTEST_VARDIR/std_data_ln/words.dat')) AS `coercibility(load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat'))`
update t1 set imagem=load_file('../../std_data/words.dat') where id=1; update t1 set imagem=load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat') where id=1;
select if(imagem is null, "ERROR", "OK"),length(imagem) from t1 where id = 1; select if(imagem is null, "ERROR", "OK"),length(imagem) from t1 where id = 1;
if(imagem is null, "ERROR", "OK") length(imagem) if(imagem is null, "ERROR", "OK") length(imagem)
OK 581 OK 581
drop table t1; drop table t1;
create table t1 select load_file('../../std_data/words.dat') l; create table t1 select load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat') l;
show full fields from t1; show full fields from t1;
Field Type Collation Null Key Default Extra Privileges Comment Field Type Collation Null Key Default Extra Privileges Comment
l longblob NULL YES NULL # l longblob NULL YES NULL #
......
...@@ -110,6 +110,29 @@ truncate table t1; ...@@ -110,6 +110,29 @@ truncate table t1;
load data infile '../std_data_ln/rpl_loaddata.dat' into table t1 (@dummy,@n) set a= @n, c= (select str from t2 where num=@n); load data infile '../std_data_ln/rpl_loaddata.dat' into table t1 (@dummy,@n) set a= @n, c= (select str from t2 where num=@n);
select * from t1; select * from t1;
#
# Bug#18628 mysql-test-run: security problem
#
# It should not be possible to load from a file outside of vardir
--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
show variables like "secure_file_pri%";
--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
select @@secure_file_priv;
--error 1238
set @@secure_file_priv= 0;
# Test "load data"
truncate table t1;
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--error 1290
eval load data infile '$MYSQL_TEST_DIR/Makefile' into table t1;
select * from t1;
# Test "load_file" returns NULL
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
eval select load_file("$MYSQL_TEST_DIR/Makefile");
# cleanup # cleanup
drop table t1, t2; drop table t1, t2;
......
...@@ -84,3 +84,15 @@ FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' ...@@ -84,3 +84,15 @@ FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'
FROM schemata LIMIT 0, 5; FROM schemata LIMIT 0, 5;
enable_query_log; enable_query_log;
--exec rm $MYSQLTEST_VARDIR/tmp/outfile-test.4 --exec rm $MYSQLTEST_VARDIR/tmp/outfile-test.4
use test;
#
# Bug#18628 mysql-test-run: security problem
#
# It should not be possible to write to a file outside of vardir
create table t1(a int);
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--error 1290
eval select * into outfile "$MYSQL_TEST_DIR/outfile-test1" from t1;
drop table t1;
...@@ -405,8 +405,8 @@ select * from t1 where id=2; ...@@ -405,8 +405,8 @@ select * from t1 where id=2;
create table t1 (word char(20) not null); create table t1 (word char(20) not null);
select * from t1; select * from t1;
show status like "Qcache_queries_in_cache"; show status like "Qcache_queries_in_cache";
--replace_result $MYSQL_TEST_DIR TEST_DIR --replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
eval load data infile '$MYSQL_TEST_DIR/std_data/words.dat' into table t1; eval load data infile '$MYSQLTEST_VARDIR/std_data_ln/words.dat' into table t1;
show status like "Qcache_queries_in_cache"; show status like "Qcache_queries_in_cache";
select count(*) from t1; select count(*) from t1;
drop table t1; drop table t1;
......
...@@ -307,22 +307,21 @@ drop table t1; ...@@ -307,22 +307,21 @@ drop table t1;
create table t1 (id integer auto_increment unique,imagem LONGBLOB not null default ''); create table t1 (id integer auto_increment unique,imagem LONGBLOB not null default '');
insert into t1 (id) values (1); insert into t1 (id) values (1);
# We have to clean up the path in the results for safe comparison # We have to clean up the path in the results for safe comparison
--replace_result $MYSQL_TEST_DIR ../.. eval select
eval select charset(load_file('../std_data_ln/words.dat')),
charset(load_file('$MYSQL_TEST_DIR/std_data/words.dat')), collation(load_file('../std_data_ln/words.dat')),
collation(load_file('$MYSQL_TEST_DIR/std_data/words.dat')), coercibility(load_file('../std_data_ln/words.dat'));
coercibility(load_file('$MYSQL_TEST_DIR/std_data/words.dat')); --replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
--replace_result $MYSQL_TEST_DIR ../.. eval explain extended select
eval explain extended select charset(load_file('$MYSQLTEST_VARDIR/std_data_ln/words.dat')),
charset(load_file('$MYSQL_TEST_DIR/std_data/words.dat')), collation(load_file('$MYSQLTEST_VARDIR/std_data_ln/words.dat')),
collation(load_file('$MYSQL_TEST_DIR/std_data/words.dat')), coercibility(load_file('$MYSQLTEST_VARDIR/std_data_ln/words.dat'));
coercibility(load_file('$MYSQL_TEST_DIR/std_data/words.dat')); --replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
--replace_result $MYSQL_TEST_DIR ../.. eval update t1 set imagem=load_file('$MYSQLTEST_VARDIR/std_data_ln/words.dat') where id=1;
eval update t1 set imagem=load_file('$MYSQL_TEST_DIR/std_data/words.dat') where id=1;
select if(imagem is null, "ERROR", "OK"),length(imagem) from t1 where id = 1; select if(imagem is null, "ERROR", "OK"),length(imagem) from t1 where id = 1;
drop table t1; drop table t1;
--replace_result $MYSQL_TEST_DIR ../.. --replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
eval create table t1 select load_file('$MYSQL_TEST_DIR/std_data/words.dat') l; eval create table t1 select load_file('$MYSQLTEST_VARDIR/std_data_ln/words.dat') l;
# We mask out the Privileges column because it differs for embedded server # We mask out the Privileges column because it differs for embedded server
--replace_column 8 # --replace_column 8 #
show full fields from t1; show full fields from t1;
......
...@@ -2767,6 +2767,11 @@ String *Item_load_file::val_str(String *str) ...@@ -2767,6 +2767,11 @@ String *Item_load_file::val_str(String *str)
(void) fn_format(path, file_name->c_ptr(), mysql_real_data_home, "", (void) fn_format(path, file_name->c_ptr(), mysql_real_data_home, "",
MY_RELATIVE_PATH | MY_UNPACK_FILENAME); MY_RELATIVE_PATH | MY_UNPACK_FILENAME);
/* Read only allowed from within dir specified by secure_file_priv */
if (opt_secure_file_priv &&
strncmp(opt_secure_file_priv, path, strlen(opt_secure_file_priv)))
goto err;
if (!my_stat(path, &stat_info, MYF(0))) if (!my_stat(path, &stat_info, MYF(0)))
goto err; goto err;
......
...@@ -1259,6 +1259,7 @@ extern my_bool opt_slave_compressed_protocol, use_temp_pool; ...@@ -1259,6 +1259,7 @@ extern my_bool opt_slave_compressed_protocol, use_temp_pool;
extern my_bool opt_readonly, lower_case_file_system; extern my_bool opt_readonly, lower_case_file_system;
extern my_bool opt_enable_named_pipe, opt_sync_frm, opt_allow_suspicious_udfs; extern my_bool opt_enable_named_pipe, opt_sync_frm, opt_allow_suspicious_udfs;
extern my_bool opt_secure_auth; extern my_bool opt_secure_auth;
extern char* opt_secure_file_priv;
extern my_bool opt_log_slow_admin_statements; extern my_bool opt_log_slow_admin_statements;
extern my_bool sp_automatic_privileges, opt_noacl; extern my_bool sp_automatic_privileges, opt_noacl;
extern my_bool opt_old_style_user_limits, trust_function_creators; extern my_bool opt_old_style_user_limits, trust_function_creators;
......
...@@ -369,6 +369,7 @@ ulong opt_ndb_nodeid; ...@@ -369,6 +369,7 @@ ulong opt_ndb_nodeid;
my_bool opt_readonly, use_temp_pool, relay_log_purge; my_bool opt_readonly, use_temp_pool, relay_log_purge;
my_bool opt_sync_frm, opt_allow_suspicious_udfs; my_bool opt_sync_frm, opt_allow_suspicious_udfs;
my_bool opt_secure_auth= 0; my_bool opt_secure_auth= 0;
char* opt_secure_file_priv= 0;
my_bool opt_log_slow_admin_statements= 0; my_bool opt_log_slow_admin_statements= 0;
my_bool lower_case_file_system= 0; my_bool lower_case_file_system= 0;
my_bool opt_large_pages= 0; my_bool opt_large_pages= 0;
...@@ -1145,6 +1146,7 @@ void clean_up(bool print_message) ...@@ -1145,6 +1146,7 @@ void clean_up(bool print_message)
#endif #endif
x_free(opt_bin_logname); x_free(opt_bin_logname);
x_free(opt_relay_logname); x_free(opt_relay_logname);
x_free(opt_secure_file_priv);
bitmap_free(&temp_pool); bitmap_free(&temp_pool);
free_max_user_conn(); free_max_user_conn();
#ifdef HAVE_REPLICATION #ifdef HAVE_REPLICATION
...@@ -4698,7 +4700,8 @@ enum options_mysqld ...@@ -4698,7 +4700,8 @@ enum options_mysqld
OPT_TABLE_LOCK_WAIT_TIMEOUT, OPT_TABLE_LOCK_WAIT_TIMEOUT,
OPT_PORT_OPEN_TIMEOUT, OPT_PORT_OPEN_TIMEOUT,
OPT_MERGE, OPT_MERGE,
OPT_INNODB_ROLLBACK_ON_TIMEOUT OPT_INNODB_ROLLBACK_ON_TIMEOUT,
OPT_SECURE_FILE_PRIV
}; };
...@@ -5337,6 +5340,10 @@ Can't be set to 1 if --log-slave-updates is used.", ...@@ -5337,6 +5340,10 @@ Can't be set to 1 if --log-slave-updates is used.",
{"secure-auth", OPT_SECURE_AUTH, "Disallow authentication for accounts that have old (pre-4.1) passwords.", {"secure-auth", OPT_SECURE_AUTH, "Disallow authentication for accounts that have old (pre-4.1) passwords.",
(gptr*) &opt_secure_auth, (gptr*) &opt_secure_auth, 0, GET_BOOL, NO_ARG, (gptr*) &opt_secure_auth, (gptr*) &opt_secure_auth, 0, GET_BOOL, NO_ARG,
my_bool(0), 0, 0, 0, 0, 0}, my_bool(0), 0, 0, 0, 0, 0},
{"secure-file-priv", OPT_SECURE_FILE_PRIV,
"Limit LOAD DATA, SELECT ... OUTFILE, and LOAD_FILE() to files within specified directory",
(gptr*) &opt_secure_file_priv, (gptr*) &opt_secure_file_priv, 0,
GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"server-id", OPT_SERVER_ID, {"server-id", OPT_SERVER_ID,
"Uniquely identifies the server instance in the community of replication partners.", "Uniquely identifies the server instance in the community of replication partners.",
(gptr*) &server_id, (gptr*) &server_id, 0, GET_ULONG, REQUIRED_ARG, 0, 0, 0, (gptr*) &server_id, (gptr*) &server_id, 0, GET_ULONG, REQUIRED_ARG, 0, 0, 0,
...@@ -6366,6 +6373,7 @@ static void mysql_init_variables(void) ...@@ -6366,6 +6373,7 @@ static void mysql_init_variables(void)
opt_logname= opt_update_logname= opt_binlog_index_name= opt_slow_logname= 0; opt_logname= opt_update_logname= opt_binlog_index_name= opt_slow_logname= 0;
opt_tc_log_file= (char *)"tc.log"; // no hostname in tc_log file name ! opt_tc_log_file= (char *)"tc.log"; // no hostname in tc_log file name !
opt_secure_auth= 0; opt_secure_auth= 0;
opt_secure_file_priv= 0;
opt_bootstrap= opt_myisam_log= 0; opt_bootstrap= opt_myisam_log= 0;
mqh_used= 0; mqh_used= 0;
segfaulted= kill_in_progress= 0; segfaulted= kill_in_progress= 0;
...@@ -7404,6 +7412,16 @@ static void fix_paths(void) ...@@ -7404,6 +7412,16 @@ static void fix_paths(void)
exit(1); exit(1);
} }
#endif /* HAVE_REPLICATION */ #endif /* HAVE_REPLICATION */
/*
Convert the secure-file-priv option to system format, allowing
a quick strcmp to check if read or write is in an allowed dir
*/
if (opt_secure_file_priv)
{
convert_dirname(buff, opt_secure_file_priv, NullS);
my_free(opt_secure_file_priv, MYF(0));
opt_secure_file_priv= my_strdup(buff, MYF(MY_FAE));
}
} }
......
...@@ -358,6 +358,8 @@ sys_query_cache_wlock_invalidate("query_cache_wlock_invalidate", ...@@ -358,6 +358,8 @@ sys_query_cache_wlock_invalidate("query_cache_wlock_invalidate",
&SV::query_cache_wlock_invalidate); &SV::query_cache_wlock_invalidate);
#endif /* HAVE_QUERY_CACHE */ #endif /* HAVE_QUERY_CACHE */
sys_var_bool_ptr sys_secure_auth("secure_auth", &opt_secure_auth); sys_var_bool_ptr sys_secure_auth("secure_auth", &opt_secure_auth);
sys_var_const_str_ptr sys_secure_file_priv("secure_file_priv",
&opt_secure_file_priv);
sys_var_long_ptr sys_server_id("server_id", &server_id, fix_server_id); sys_var_long_ptr sys_server_id("server_id", &server_id, fix_server_id);
sys_var_bool_ptr sys_slave_compressed_protocol("slave_compressed_protocol", sys_var_bool_ptr sys_slave_compressed_protocol("slave_compressed_protocol",
&opt_slave_compressed_protocol); &opt_slave_compressed_protocol);
...@@ -719,6 +721,7 @@ sys_var *sys_variables[]= ...@@ -719,6 +721,7 @@ sys_var *sys_variables[]=
&sys_rpl_recovery_rank, &sys_rpl_recovery_rank,
&sys_safe_updates, &sys_safe_updates,
&sys_secure_auth, &sys_secure_auth,
&sys_secure_file_priv,
&sys_select_limit, &sys_select_limit,
&sys_server_id, &sys_server_id,
#ifdef HAVE_REPLICATION #ifdef HAVE_REPLICATION
...@@ -1027,6 +1030,7 @@ struct show_var_st init_vars[]= { ...@@ -1027,6 +1030,7 @@ struct show_var_st init_vars[]= {
#endif #endif
{sys_rpl_recovery_rank.name,(char*) &sys_rpl_recovery_rank, SHOW_SYS}, {sys_rpl_recovery_rank.name,(char*) &sys_rpl_recovery_rank, SHOW_SYS},
{"secure_auth", (char*) &sys_secure_auth, SHOW_SYS}, {"secure_auth", (char*) &sys_secure_auth, SHOW_SYS},
{"secure_file_priv", (char*) &sys_secure_file_priv, SHOW_SYS},
#ifdef HAVE_SMEM #ifdef HAVE_SMEM
{"shared_memory", (char*) &opt_enable_shared_memory, SHOW_MY_BOOL}, {"shared_memory", (char*) &opt_enable_shared_memory, SHOW_MY_BOOL},
{"shared_memory_base_name", (char*) &shared_memory_base_name, SHOW_CHAR_PTR}, {"shared_memory_base_name", (char*) &shared_memory_base_name, SHOW_CHAR_PTR},
......
...@@ -5045,7 +5045,7 @@ ER_OPTION_PREVENTS_STATEMENT ...@@ -5045,7 +5045,7 @@ ER_OPTION_PREVENTS_STATEMENT
ger "Der MySQL-Server luft mit der Option %s und kann diese Anweisung deswegen nicht ausfhren" ger "Der MySQL-Server luft mit der Option %s und kann diese Anweisung deswegen nicht ausfhren"
por "O servidor MySQL est rodando com a opo %s razo pela qual no pode executar esse commando" por "O servidor MySQL est rodando com a opo %s razo pela qual no pode executar esse commando"
spa "El servidor MySQL est rodando con la opcin %s tal que no puede ejecutar este comando" spa "El servidor MySQL est rodando con la opcin %s tal que no puede ejecutar este comando"
swe "MySQL r startad med --skip-grant-tables. Pga av detta kan du inte anvnda detta kommando" swe "MySQL r startad med %s. Pga av detta kan du inte anvnda detta kommando"
ER_DUPLICATED_VALUE_IN_TYPE ER_DUPLICATED_VALUE_IN_TYPE
eng "Column '%-.100s' has duplicated value '%-.64s' in %s" eng "Column '%-.100s' has duplicated value '%-.64s' in %s"
ger "Feld '%-.100s' hat doppelten Wert '%-.64s' in %s" ger "Feld '%-.100s' hat doppelten Wert '%-.64s' in %s"
......
...@@ -1084,7 +1084,7 @@ static File create_file(THD *thd, char *path, sql_exchange *exchange, ...@@ -1084,7 +1084,7 @@ static File create_file(THD *thd, char *path, sql_exchange *exchange,
IO_CACHE *cache) IO_CACHE *cache)
{ {
File file; File file;
uint option= MY_UNPACK_FILENAME; uint option= MY_UNPACK_FILENAME | MY_RELATIVE_PATH;
#ifdef DONT_ALLOW_FULL_LOAD_DATA_PATHS #ifdef DONT_ALLOW_FULL_LOAD_DATA_PATHS
option|= MY_REPLACE_DIR; // Force use of db directory option|= MY_REPLACE_DIR; // Force use of db directory
...@@ -1097,7 +1097,15 @@ static File create_file(THD *thd, char *path, sql_exchange *exchange, ...@@ -1097,7 +1097,15 @@ static File create_file(THD *thd, char *path, sql_exchange *exchange,
} }
else else
(void) fn_format(path, exchange->file_name, mysql_real_data_home, "", option); (void) fn_format(path, exchange->file_name, mysql_real_data_home, "", option);
if (opt_secure_file_priv &&
strncmp(opt_secure_file_priv, path, strlen(opt_secure_file_priv)))
{
/* Write only allowed to dir or subdir specified by secure_file_priv */
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
return -1;
}
if (!access(path, F_OK)) if (!access(path, F_OK))
{ {
my_error(ER_FILE_EXISTS_ERROR, MYF(0), exchange->file_name); my_error(ER_FILE_EXISTS_ERROR, MYF(0), exchange->file_name);
......
...@@ -1674,7 +1674,7 @@ public: ...@@ -1674,7 +1674,7 @@ public:
#define SYSTEM_THREAD_SLAVE_SQL 4 #define SYSTEM_THREAD_SLAVE_SQL 4
/* /*
Used to hold information about file and file structure in exchainge Used to hold information about file and file structure in exchange
via non-DB file (...INTO OUTFILE..., ...LOAD DATA...) via non-DB file (...INTO OUTFILE..., ...LOAD DATA...)
XXX: We never call destructor for objects of this class. XXX: We never call destructor for objects of this class.
*/ */
......
...@@ -302,6 +302,15 @@ bool mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list, ...@@ -302,6 +302,15 @@ bool mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list,
if ((stat_info.st_mode & S_IFIFO) == S_IFIFO) if ((stat_info.st_mode & S_IFIFO) == S_IFIFO)
is_fifo = 1; is_fifo = 1;
#endif #endif
if (opt_secure_file_priv &&
strncmp(opt_secure_file_priv, name, strlen(opt_secure_file_priv)))
{
/* Read only allowed from within dir specified by secure_file_priv */
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
DBUG_RETURN(TRUE);
}
} }
if ((file=my_open(name,O_RDONLY,MYF(MY_WME))) < 0) if ((file=my_open(name,O_RDONLY,MYF(MY_WME))) < 0)
DBUG_RETURN(TRUE); DBUG_RETURN(TRUE);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment