BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
RENAME TABLE against a table with DATA/INDEX DIRECTORY overwrites the file to which the symlink points. This is security issue, because it is possible to create a table with some name in some non-system database and set DATA/INDEX DIRECTORY to mysql system database. Renaming this table to one of mysql system tables (e.g. user, host) would overwrite the system table. Return an error when the file to which the symlink points exist. mysql-test/r/symlink.result: A test case for BUG#32111. mysql-test/t/symlink.test: A test case for BUG#32111. mysys/my_symlink2.c: Return an error when the file to which the symlink points exist.
Showing
Please register or sign in to comment