• Alexey Botchkov's avatar
    Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. · 585e3469
    Alexey Botchkov authored
          
          test_if_data_home_dir fixed to look into real path.
          Checks added to mi_open for symlinks into data home directory.
    modified:
      include/my_sys.h
      include/myisam.h
      myisam/mi_check.c
      myisam/mi_open.c
      myisam/mi_static.c
      myisam/myisamchk.c
      myisam/myisamdef.h
      mysql-test/r/symlink.result
      mysys/my_symlink.c
      sql/mysql_priv.h
      sql/mysqld.cc
      sql/sql_parse.cc
    
    per-file messages:
      include/my_sys.h
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        my_is_symlink interface added
      include/myisam.h
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        myisam_test_invalid_symlink interface added
      myisam/mi_check.c
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        mi_open_datafile calls modified
      myisam/mi_open.c
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        code added to mi_open to check for symlinks into data home directory.
        mi_open_datafile now accepts 'original' file path to check if it's
        an allowed symlink.
      myisam/mi_static.c
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        myisam_test_invlaid_symlink defined
      myisam/myisamchk.c
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        mi_open_datafile call modified
      myisam/myisamdef.h
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        mi_open_datafile interface modified - 'real_path' parameter added
      mysql-test/r/symlink.test
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        error codes corrected as some patch now rejected pointing inside datahome
      mysql-test/r/symlink.result
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        error messages corrected in the result
      mysys/my_symlink.c
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        my_is_symlink() implementsd
        my_realpath() now returns the 'realpath' even if a file isn't a symlink
      sql/mysql_priv.h
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        test_if_data_home_dir interface
      sql/mysqld.cc
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        myisam_test_invalid_symlik set with the 'test_if_data_home_dir'
      sql/sql_parse.cc
        Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
        
        error messages corrected
        test_if_data_home_dir code fixed
    585e3469
mi_static.c 2.38 KB