Bug#24707666: DEFAULT SETTING FOR SECURE-FILE-PRIV SHOULD BE

              RESTRICTED IN ALL GA RELEASES

Back port of WL#6782 to 5.5 and 5.6. This also includes
back port of Bug#20771331, Bug#20741572 and Bug#20770671.
Bug#24695274 and Bug#24679907 are also handled along with
this.

config.h.cmake

@@ -624,4 +624,8 @@
 #cmakedefine SIZEOF_TIME_T @SIZEOF_TIME_T@
 #cmakedefine TIME_T_UNSIGNED @TIME_T_UNSIGNED@
 
+/* For --secure-file-priv */
+#cmakedefine DEFAULT_SECURE_FILE_PRIV_DIR @DEFAULT_SECURE_FILE_PRIV_DIR@
+#cmakedefine DEFAULT_SECURE_FILE_PRIV_EMBEDDED_DIR @DEFAULT_SECURE_FILE_PRIV_EMBEDDED_DIR@
+
 #endif

mysql-test/include/mtr_warnings.sql

--- Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+-- Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
 --
 -- This program is free software; you can redistribute it and/or modify
 -- it under the terms of the GNU General Public License as published by
@@ -204,6 +204,11 @@ INSERT INTO global_suppressions VALUES
   */
  ("Found lock of type 6 that is write and read locked"),
 
+ /*
+  Warnings related to --secure-file-priv
+ */
+ ("Insecure configuration for --secure-file-priv:*"),
+
  ("THE_LAST_SUPPRESSION")||
 
 

mysql-test/include/mysqld--help.inc

@@ -18,7 +18,8 @@ perl;
   # their paths may vary:
   @skipvars=qw/basedir open-files-limit general-log-file log plugin-dir
                log-slow-queries pid-file slow-query-log-file
-			   datadir slave-load-tmpdir tmpdir socket/;
+			   datadir slave-load-tmpdir tmpdir socket
+			   secure-file-priv/;
 
   # Plugins which may or may not be there:
   @plugins=qw/innodb ndb archive blackhole federated partition ndbcluster debug temp-pool ssl des-key-file

mysql-test/mysql-test-run.pl

 #!/usr/bin/perl
 # -*- cperl -*-
 
-# Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1823,6 +1823,7 @@ sub collect_mysqld_features {
   mtr_init_args(\$args);
   mtr_add_arg($args, "--no-defaults");
   mtr_add_arg($args, "--datadir=%s", mixed_path($tmpdir));
+  mtr_add_arg($args, "--secure-file-priv=\"\"");
   mtr_add_arg($args, "--lc-messages-dir=%s", $path_language);
   mtr_add_arg($args, "--skip-grant-tables");
   mtr_add_arg($args, "--verbose");
@@ -3297,6 +3298,7 @@ sub mysql_install_db {
   mtr_add_arg($args, "--loose-skip-falcon");
   mtr_add_arg($args, "--loose-skip-ndbcluster");
   mtr_add_arg($args, "--tmpdir=%s", "$opt_vardir/tmp/");
+  mtr_add_arg($args, "--secure-file-priv=%s", "$opt_vardir");
   mtr_add_arg($args, "--core-file");
 
   if ( $opt_debug )

mysql-test/r/mysqld--help-notwin.result

@@ -923,7 +923,6 @@ report-user (No default value)
 rpl-recovery-rank 0
 safe-user-create FALSE
 secure-auth FALSE
-secure-file-priv (No default value)
 server-id 0
 show-slave-auth-info FALSE
 skip-grant-tables TRUE

mysql-test/r/mysqld--help-win.result

@@ -931,7 +931,6 @@ report-user (No default value)
 rpl-recovery-rank 0
 safe-user-create FALSE
 secure-auth FALSE
-secure-file-priv (No default value)
 server-id 0
 shared-memory FALSE
 shared-memory-base-name MYSQL

mysql-test/suite/auth_sec/r/secure_file_priv_error.result

+#-----------------------------------------------------------------------
+# Setup
+# Try to restart server with invalid value for --secure-file-priv
+# Search for : Failed to access directory for --secure-file-priv.
+# Restart completed.
+# Restart
+#-----------------------------------------------------------------------

mysql-test/suite/auth_sec/r/secure_file_priv_null.result

+#-----------------------------------------------------------------------
+# Setup
+#-----------------------------------------------------------------------
+# Search for : --secure-file-priv is set to NULL. Operations
+#              related to importing and exporting data are
+#              disabled
+show variables like 'secure_file_priv';
+Variable_name	Value
+secure_file_priv	null
+use test;
+drop table if exists secure_file_priv_test_null;
+create table secure_file_priv_test_null(c1 int);
+insert into secure_file_priv_test_null values (1), (2), (3), (4);
+select * from secure_file_priv_test_null into outfile 'blah';
+ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+select * from secure_file_priv_test_null into outfile 'null/blah';
+ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+drop table secure_file_priv_test_null;
+#-----------------------------------------------------------------------
+# Clean-up
+#-----------------------------------------------------------------------

mysql-test/suite/auth_sec/r/secure_file_priv_warnings.result

+#-----------------------------------------------------------------------
+# Setup
+#-----------------------------------------------------------------------
+# Search for : Insecure configuration for --secure-file-priv: Current
+#              value does not restrict location of generated files.
+#              Consider setting it to a valid, non-empty path.
+SHOW VARIABLES LIKE 'secure_file_priv';
+Variable_name	Value
+secure_file_priv	
+#-----------------------------------------------------------------------
+# Restart completed.
+# Search for : Insecure configuration for --secure-file-priv: Plugin
+#              directory is accessible through --secure-file-priv.
+#              Consider choosing a different directory.
+#-----------------------------------------------------------------------
+# Clean-up
+#-----------------------------------------------------------------------

mysql-test/suite/auth_sec/r/secure_file_priv_warnings_not_win.result

+#-----------------------------------------------------------------------
+# Search for : Insecure configuration for --secure-file-priv: Data
+#              directory is accessible through --secure-file-priv.
+#              Consider choosing a different directory.
+#-----------------------------------------------------------------------
+# Search for : Insecure configuration for --secure-file-priv: Location
+#              is accessible to all OS users. Consider choosing a
+#              different directory.
+#-----------------------------------------------------------------------

mysql-test/suite/auth_sec/r/secure_file_priv_warnings_win.result

+#-----------------------------------------------------------------------
+# Test 2 : Restarting mysqld with :
+#          --secure-file-priv=MYSQLTEST_VARDIR/mysqld.1/Data
+# Restart completed.
+# Search for : Insecure configuration for --secure-file-priv: Data
+#              directory is accessible through --secure-file-priv.
+#              Consider choosing a different directory.
+#-----------------------------------------------------------------------

mysql-test/suite/auth_sec/t/secure_file_priv_error.test

+--source include/no_valgrind_without_big.inc
+--source include/not_embedded.inc
+
+--echo #-----------------------------------------------------------------------
+--echo # Setup
+let restart_log= $MYSQLTEST_VARDIR/log/my_restart.err;
+let SEARCH_FILE= $restart_log;
+let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
+
+--echo # Try to restart server with invalid value for --secure-file-priv
+--exec echo "wait" > $restart_file
+--shutdown_server
+--source include/wait_until_disconnected.inc
+
+--error 0,1
+--remove_file $restart_log
+# Following should fail
+--error 1
+--exec $MYSQLD_CMD --secure-file-priv=blahblahblah --loose-console > $restart_log 2>&1
+
+--echo # Search for : Failed to access directory for --secure-file-priv.
+let SEARCH_PATTERN= Failed to access directory for --secure-file-priv;
+--source include/search_pattern_in_file.inc
+
+--remove_file $restart_log
+
+--source include/wait_until_disconnected.inc
+# Dummy argument for restart
+--exec echo "restart:" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
+--enable_reconnect
+--source include/wait_until_connected_again.inc
+--disable_reconnect
+--echo # Restart completed.
+
+--echo # Restart
+--disable_warnings
+--source include/force_restart.inc
+--enable_warnings
+--echo #-----------------------------------------------------------------------

mysql-test/suite/auth_sec/t/secure_file_priv_null-master.opt

+--secure-file-priv=null

mysql-test/suite/auth_sec/t/secure_file_priv_null.test

+--source include/no_valgrind_without_big.inc
+--source include/not_embedded.inc
+
+--echo #-----------------------------------------------------------------------
+--echo # Setup
+let server_log= $MYSQLTEST_VARDIR/log/mysqld.1.err;
+let SEARCH_FILE= $server_log;
+let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
+--echo #-----------------------------------------------------------------------
+
+--echo # Search for : --secure-file-priv is set to NULL. Operations
+--echo #              related to importing and exporting data are
+--echo #              disabled
+let SEARCH_PATTERN= --secure-file-priv is set to NULL. Operations related to importing and exporting data are disabled;
+--source include/search_pattern_in_file.inc
+
+connect(test4_con,localhost,root,,,,,);
+show variables like 'secure_file_priv';
+
+use test;
+--disable_warnings
+drop table if exists secure_file_priv_test_null;
+--enable_warnings
+create table secure_file_priv_test_null(c1 int);
+insert into secure_file_priv_test_null values (1), (2), (3), (4);
+--error 1290
+select * from secure_file_priv_test_null into outfile 'blah';
+--error 1290
+select * from secure_file_priv_test_null into outfile 'null/blah';
+drop table secure_file_priv_test_null;
+
+connection default;
+disconnect test4_con;
+
+--echo #-----------------------------------------------------------------------
+
+--echo # Clean-up
+--disable_warnings
+--source include/force_restart.inc
+--enable_warnings
+
+--echo #-----------------------------------------------------------------------

mysql-test/suite/auth_sec/t/secure_file_priv_warnings-master.opt

+--secure-file-priv=""

mysql-test/suite/auth_sec/t/secure_file_priv_warnings.test

+--source include/no_valgrind_without_big.inc
+--source include/not_embedded.inc
+
+--echo #-----------------------------------------------------------------------
+--echo # Setup
+let server_log= $MYSQLTEST_VARDIR/log/mysqld.1.err;
+let SEARCH_FILE= $server_log;
+let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
+let PLUGIN_DIR= $MYSQLTEST_VARDIR/tmp;
+--echo #-----------------------------------------------------------------------
+
+--echo # Search for : Insecure configuration for --secure-file-priv: Current
+--echo #              value does not restrict location of generated files.
+--echo #              Consider setting it to a valid, non-empty path.
+let SEARCH_PATTERN= Insecure configuration for --secure-file-priv: Current value does not restrict location of generated files. Consider setting it to a valid, non-empty path.;
+--source include/search_pattern_in_file.inc
+
+# Must show empty string
+SHOW VARIABLES LIKE 'secure_file_priv';
+
+--echo #-----------------------------------------------------------------------
+
+let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
+--exec echo "wait" > $restart_file
+--shutdown_server
+--source include/wait_until_disconnected.inc
+--remove_file $server_log
+--exec echo "restart:--plugin-dir=$PLUGIN_DIR --secure-file-priv=$PLUGIN_DIR" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
+--enable_reconnect
+--source include/wait_until_connected_again.inc
+--disable_reconnect
+--echo # Restart completed.
+
+--echo # Search for : Insecure configuration for --secure-file-priv: Plugin
+--echo #              directory is accessible through --secure-file-priv.
+--echo #              Consider choosing a different directory.
+let SEARCH_PATTERN= Insecure configuration for --secure-file-priv: Plugin directory is accessible through --secure-file-priv. Consider choosing a different directory.;
+--source include/search_pattern_in_file.inc
+
+--echo #-----------------------------------------------------------------------
+
+--echo # Clean-up
+--disable_warnings
+--source include/force_restart.inc
+--enable_warnings
+
+--echo #-----------------------------------------------------------------------

mysql-test/suite/auth_sec/t/secure_file_priv_warnings_not_win.test

+--source include/no_valgrind_without_big.inc
+--source include/not_windows.inc
+--source include/not_embedded.inc
+
+let server_log= $MYSQLTEST_VARDIR/log/mysqld.1.err;
+let SEARCH_FILE= $server_log;
+
+--echo #-----------------------------------------------------------------------
+
+--echo # Search for : Insecure configuration for --secure-file-priv: Data
+--echo #              directory is accessible through --secure-file-priv.
+--echo #              Consider choosing a different directory.
+let SEARCH_PATTERN= Insecure configuration for --secure-file-priv: Data directory is accessible through --secure-file-priv. Consider choosing a different directory.;
+--source include/search_pattern_in_file.inc
+
+--echo #-----------------------------------------------------------------------
+
+--echo # Search for : Insecure configuration for --secure-file-priv: Location
+--echo #              is accessible to all OS users. Consider choosing a
+--echo #              different directory.
+let SEARCH_PATTERN= Insecure configuration for --secure-file-priv: Location is accessible to all OS users. Consider choosing a different directory.;
+--source include/search_pattern_in_file.inc
+
+--echo #-----------------------------------------------------------------------

mysql-test/suite/auth_sec/t/secure_file_priv_warnings_win.test

+--source include/no_valgrind_without_big.inc
+--source include/windows.inc
+--source include/not_embedded.inc
+
+let server_log= $MYSQLTEST_VARDIR/log/mysqld.1.err;
+let SEARCH_FILE= $server_log;
+
+--echo #-----------------------------------------------------------------------
+
+--echo # Test 2 : Restarting mysqld with :
+--echo #          --secure-file-priv=MYSQLTEST_VARDIR/mysqld.1/Data
+
+let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
+--exec echo "wait" > $restart_file
+--shutdown_server
+--source include/wait_until_disconnected.inc
+--error 0,1
+--remove_file $server_log
+--exec echo "restart: --secure-file-priv=$MYSQLTEST_VARDIR/mysqld.1/Data" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
+--enable_reconnect
+--source include/wait_until_connected_again.inc
+--disable_reconnect
+--echo # Restart completed.
+
+--echo # Search for : Insecure configuration for --secure-file-priv: Data
+--echo #              directory is accessible through --secure-file-priv.
+--echo #              Consider choosing a different directory.
+let SEARCH_PATTERN= Insecure configuration for --secure-file-priv: Data directory is accessible through --secure-file-priv. Consider choosing a different directory.;
+--source include/search_pattern_in_file.inc
+
+--disable_warnings
+--source include/force_restart.inc
+--enable_warnings
+
+--echo #-----------------------------------------------------------------------

packaging/rpm-oel/mysql-systemd-start

@@ -30,6 +30,12 @@ install_db () {
     if [ -x /usr/sbin/restorecon ]; then
         /usr/sbin/restorecon "$datadir"
         /usr/sbin/restorecon $log
+        for dir in /var/lib/mysql-files ; do
+            if [ -x /usr/sbin/semanage -a -d /var/lib/mysql -a -d $dir ] ; then
+		/usr/sbin/semanage fcontext -a -e /var/lib/mysql $dir >/dev/null 2>&1
+		/sbin/restorecon $dir
+	    fi
+	done
     fi
 
     # If special mysql dir is in place, skip db install 

packaging/rpm-oel/mysql.init

@@ -82,7 +82,15 @@ start(){
 	    fi
 	    chown mysql:mysql "$datadir"
 	    chmod 0755 "$datadir"
-	    [ -x /sbin/restorecon ] && /sbin/restorecon "$datadir"
+	    if [ -x /sbin/restorecon ]; then
+		/sbin/restorecon "$datadir"
+		for dir in /var/lib/mysql-files ; do
+		    if [ -x /usr/sbin/semanage -a -d /var/lib/mysql -a -d $dir ] ; then
+			/usr/sbin/semanage fcontext -a -e /var/lib/mysql $dir >/dev/null 2>&1
+			/sbin/restorecon $dir
+		    fi
+		done
+	    fi
 	    # Now create the database
 	    action $"Initializing MySQL database: " /usr/bin/mysql_install_db --rpm --datadir="$datadir" --user=mysql
 	    ret=$?

packaging/rpm-oel/mysql.spec.in

@@ -560,6 +560,7 @@ MBD=$RPM_BUILD_DIR/%{src_dir}
 install -d -m 0755 %{buildroot}%{_datadir}/mysql/SELinux/RHEL4
 install -d -m 0755 %{buildroot}/var/lib/mysql
 install -d -m 0755 %{buildroot}/var/run/mysqld
+install -d -m 0750 %{buildroot}/var/lib/mysql-files
 
 # Install all binaries
 cd $MBD/release
@@ -790,6 +791,7 @@ fi
 %attr(644, root, root) %config(noreplace,missingok) %{_sysconfdir}/logrotate.d/mysql
 %dir %attr(755, mysql, mysql) /var/lib/mysql
 %dir %attr(755, mysql, mysql) /var/run/mysqld
+%dir %attr(750, mysql, mysql) /var/lib/mysql-files
 
 %files common
 %defattr(-, root, root, -)
@@ -916,6 +918,9 @@ fi
 %endif
 
 %changelog
+* Mon Sep 26 2016 Balasubramanian Kandasamy <balasubramanian.kandasamy@oracle.com> - 5.5.53-1
+- Include mysql-files directory
+
 * Tue Jul 05 2016 Balasubramanian Kandasamy <balasubramanian.kandasamy@oracle.com> - 5.5.51-1
 - Remove mysql_config from client subpackage
 

packaging/rpm-sles/mysql.spec.in

@@ -425,6 +425,7 @@ MBD=$RPM_BUILD_DIR/%{src_dir}
 install -d -m 0755 %{buildroot}/var/lib/mysql
 install -d -m 0755 %{buildroot}/var/run/mysql
 install -d -m 0750 %{buildroot}/var/log/mysql
+install -d -m 0750 %{buildroot}/var/lib/mysql-files
 
 # Install all binaries
 cd $MBD/release
@@ -638,6 +639,7 @@ fi
 %dir %attr(755, mysql, mysql) /var/lib/mysql
 %dir %attr(755, mysql, mysql) /var/run/mysql
 %dir %attr(750, mysql, mysql) /var/log/mysql
+%dir %attr(750, mysql, mysql) /var/lib/mysql-files
 
 %files common
 %defattr(-, root, root, -)
@@ -783,6 +785,9 @@ fi
 %attr(755, root, root) %{_libdir}/mysql/libmysqld.so
 
 %changelog
+* Mon Sep 26 2016 Balasubramanian Kandasamy <balasubramanian.kandasamy@oracle.com> - 5.5.53-1
+- Include mysql-files directory
+
 * Tue Sep 29 2015 Balasubramanian Kandasamy <balasubramanian.kandasamy@oracle.com> - 5.5.47-1
 - Added conflicts to mysql-connector-c-shared dependencies
 

packaging/solaris/postinstall-solaris.sh

 #!/bin/sh
 #
-# Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -26,6 +26,7 @@ mygroup=mysql
 myuser=mysql
 mydatadir=/var/lib/mysql
 basedir=@@basedir@@
+mysecurefiledir=/var/lib/mysql-files
 
 if [ -n "$BASEDIR" ] ; then
   basedir="$BASEDIR"
@@ -58,6 +59,11 @@ fi
 
 chown -R $myuser:$mygroup $mydatadir
 
+# Create securefile directory
+[ -d "$mysecurefiledir"  ] || mkdir -p -m 770 "$mysecurefiledir"      || exit 1
+chown -R $myuser:$mygroup $mysecurefiledir
+
+
 # Solaris patch 119255 (somewhere around revision 42) changes the behaviour
 # of pkgadd to set TMPDIR internally to a root-owned install directory.  This
 # has the unfortunate side effect of breaking running mysql_install_db with

sql/mysqld.cc

@@ -570,6 +570,7 @@ uint mysql_real_data_home_len, mysql_data_home_len= 1;
 uint reg_ext_length;
 const key_map key_map_empty(0);
 key_map key_map_full(0);                        // Will be initialized later
+char secure_file_real_path[FN_REFLEN];
 
 DATE_TIME_FORMAT global_date_format, global_datetime_format, global_time_format;
 Time_zone *default_tz;
@@ -7613,9 +7614,9 @@ bool is_secure_file_path(char *path)
   char buff1[FN_REFLEN], buff2[FN_REFLEN];
   size_t opt_secure_file_priv_len;
   /*
-    All paths are secure if opt_secure_file_path is 0
+    All paths are secure if opt_secure_file_priv is 0
   */
-  if (!opt_secure_file_priv)
+  if (!opt_secure_file_priv[0])
     return TRUE;
 
   opt_secure_file_priv_len= strlen(opt_secure_file_priv);
@@ -7623,6 +7624,9 @@ bool is_secure_file_path(char *path)
   if (strlen(path) >= FN_REFLEN)
     return FALSE;
 
+  if (!my_strcasecmp(system_charset_info, opt_secure_file_priv, "NULL"))
+    return FALSE;
+
   if (my_realpath(buff1, path, 0))
   {
     /*
@@ -7655,9 +7659,184 @@ bool is_secure_file_path(char *path)
 }
 
 
+/**
+  check_secure_file_priv_path : Checks path specified through
+  --secure-file-priv and raises warning in following cases:
+  1. If path is empty string or NULL and mysqld is not running
+     with --bootstrap mode.
+  2. If path can access data directory
+  3. If path points to a directory which is accessible by
+     all OS users (non-Windows build only)
+
+  It throws error in following cases:
+
+  1. If path normalization fails
+  2. If it can not get stats of the directory
+
+  @params NONE
+
+  Assumptions :
+  1. Data directory path has been normalized
+  2. opt_secure_file_priv has been normalized unless it is set
+     to "NULL".
+
+  @returns Status of validation
+    @retval true : Validation is successful with/without warnings
+    @retval false : Validation failed. Error is raised.
+*/
+
+bool check_secure_file_priv_path()
+{
+  char datadir_buffer[FN_REFLEN+1]={0};
+  char plugindir_buffer[FN_REFLEN+1]={0};
+  char whichdir[20]= {0};
+  size_t opt_plugindir_len= 0;
+  size_t opt_datadir_len= 0;
+  size_t opt_secure_file_priv_len= 0;
+  bool warn= false;
+  bool case_insensitive_fs;
+#ifndef _WIN32
+  MY_STAT dir_stat;
+#endif
+
+  if (!opt_secure_file_priv[0])
+  {
+    if (opt_bootstrap)
+    {
+      /*
+        Do not impose --secure-file-priv restriction
+        in --bootstrap mode
+      */
+      sql_print_information("Ignoring --secure-file-priv value as server is "
+                            "running with --bootstrap.");
+    }
+    else
+    {
+      sql_print_warning("Insecure configuration for --secure-file-priv: "
+                        "Current value does not restrict location of generated "
+                        "files. Consider setting it to a valid, "
+                        "non-empty path.");
+    }
+    return true;
+  }
+
+  /*
+    Setting --secure-file-priv to NULL would disable
+    reading/writing from/to file
+  */
+  if(!my_strcasecmp(system_charset_info, opt_secure_file_priv, "NULL"))
+  {
+    sql_print_information("--secure-file-priv is set to NULL. "
+                          "Operations related to importing and exporting "
+                          "data are disabled");
+    return true;
+  }
+
+  /*
+    Check if --secure-file-priv can access data directory
+  */
+  opt_secure_file_priv_len= strlen(opt_secure_file_priv);
+
+  /*
+    Adds dir seperator at the end.
+    This is required in subsequent comparison
+  */
+  convert_dirname(datadir_buffer, mysql_unpacked_real_data_home, NullS);
+  opt_datadir_len= strlen(datadir_buffer);
+
+  case_insensitive_fs=
+    (test_if_case_insensitive(datadir_buffer) == 1);
+
+  if (!case_insensitive_fs)
+  {
+    if (!strncmp(datadir_buffer, opt_secure_file_priv,
+          opt_datadir_len < opt_secure_file_priv_len ?
+          opt_datadir_len : opt_secure_file_priv_len))
+    {
+      warn= true;
+      strcpy(whichdir, "Data directory");
+    }
+  }
+  else
+  {
+    if (!files_charset_info->coll->strnncoll(files_charset_info,
+          (uchar *) datadir_buffer,
+          opt_datadir_len,
+          (uchar *) opt_secure_file_priv,
+          opt_secure_file_priv_len,
+          TRUE))
+    {
+      warn= true;
+      strcpy(whichdir, "Data directory");
+    }
+  }
+
+  /*
+    Don't bother comparing --secure-file-priv with --plugin-dir
+    if we already have a match against --datadir or
+    --plugin-dir is not pointing to a valid directory.
+  */
+  if (!warn && !my_realpath(plugindir_buffer, opt_plugin_dir, 0))
+  {
+    convert_dirname(plugindir_buffer, plugindir_buffer, NullS);
+    opt_plugindir_len= strlen(plugindir_buffer);
+
+    if (!case_insensitive_fs)
+    {
+      if (!strncmp(plugindir_buffer, opt_secure_file_priv,
+          opt_plugindir_len < opt_secure_file_priv_len ?
+          opt_plugindir_len : opt_secure_file_priv_len))
+      {
+        warn= true;
+        strcpy(whichdir, "Plugin directory");
+      }
+    }
+    else
+    {
+      if (!files_charset_info->coll->strnncoll(files_charset_info,
+          (uchar *) plugindir_buffer,
+          opt_plugindir_len,
+          (uchar *) opt_secure_file_priv,
+          opt_secure_file_priv_len,
+          TRUE))
+      {
+        warn= true;
+        strcpy(whichdir, "Plugin directory");
+      }
+    }
+  }
+
+
+  if (warn)
+    sql_print_warning("Insecure configuration for --secure-file-priv: "
+                      "%s is accessible through "
+                      "--secure-file-priv. Consider choosing a different "
+                      "directory.", whichdir);
+
+#ifndef _WIN32
+  /*
+     Check for --secure-file-priv directory's permission
+  */
+  if (!(my_stat(opt_secure_file_priv, &dir_stat, MYF(0))))
+  {
+    sql_print_error("Failed to get stat for directory pointed out "
+                    "by --secure-file-priv");
+    return false;
+  }
+
+  if (dir_stat.st_mode & S_IRWXO)
+    sql_print_warning("Insecure configuration for --secure-file-priv: "
+                      "Location is accessible to all OS users. "
+                      "Consider choosing a different directory.");
+#endif
+  return true;
+}
+
+
 static int fix_paths(void)
 {
   char buff[FN_REFLEN],*pos;
+  bool secure_file_priv_nonempty= false;
   convert_dirname(mysql_home,mysql_home,NullS);
   /* Resolve symlinks to allow 'mysql_home' to be a relative symlink */
   my_realpath(mysql_home,mysql_home,MYF(0));
@@ -7715,28 +7894,55 @@ static int fix_paths(void)
     Convert the secure-file-priv option to system format, allowing
     a quick strcmp to check if read or write is in an allowed dir
    */
-  if (opt_secure_file_priv)
+  if (opt_bootstrap)
+    opt_secure_file_priv= EMPTY_STR.str;
+  secure_file_priv_nonempty= opt_secure_file_priv[0] ? true : false;
+
+  if (secure_file_priv_nonempty && strlen(opt_secure_file_priv) > FN_REFLEN)
   {
-    if (*opt_secure_file_priv == 0)
+    sql_print_warning("Value for --secure-file-priv is longer than maximum "
+                      "limit of %d", FN_REFLEN-1);
+    return 1;
+  }
+
+  memset(buff, 0, sizeof(buff));
+  if (secure_file_priv_nonempty &&
+      my_strcasecmp(system_charset_info, opt_secure_file_priv, "NULL"))
+  {
+    int retval= my_realpath(buff, opt_secure_file_priv, MYF(MY_WME));
+    if (!retval)
+    {
+      convert_dirname(secure_file_real_path, buff, NullS);
+#ifdef WIN32
+      MY_DIR *dir= my_dir(secure_file_real_path, MYF(MY_DONT_SORT+MY_WME));
+      if (!dir)
       {
-      my_free(opt_secure_file_priv);
-      opt_secure_file_priv= 0;
+        retval= 1;
       }
       else
       {
-      if (strlen(opt_secure_file_priv) >= FN_REFLEN)
-        opt_secure_file_priv[FN_REFLEN-1]= '\0';
-      if (my_realpath(buff, opt_secure_file_priv, 0))
+        my_dirend(dir);
+      }
+#endif
+    }
+
+    if (retval)
     {
-        sql_print_warning("Failed to normalize the argument for --secure-file-priv.");
+      char err_buffer[FN_REFLEN];
+      my_snprintf(err_buffer, FN_REFLEN-1,
+                  "Failed to access directory for --secure-file-priv."
+                  " Please make sure that directory exists and is "
+                  "accessible by MySQL Server. Supplied value : %s",
+                  opt_secure_file_priv);
+      err_buffer[FN_REFLEN-1]='\0';
+      sql_print_error("%s", err_buffer);
       return 1;
     }
-      char *secure_file_real_path= (char *)my_malloc(FN_REFLEN, MYF(MY_FAE));
-      convert_dirname(secure_file_real_path, buff, NullS);
-      my_free(opt_secure_file_priv);
     opt_secure_file_priv= secure_file_real_path;
   }
-  }
+
+  if (!check_secure_file_priv_path())
+    return 1;
 
   return 0;
 }

sql/sql_class.cc

@@ -68,6 +68,8 @@
 char internal_table_name[2]= "*";
 char empty_c_string[1]= {0};    /* used for not defined db */
 
+LEX_STRING EMPTY_STR= { (char *) "", 0 };
+
 const char * const THD::DEFAULT_WHERE= "field list";
 
 

sql/sql_class.h

@@ -105,6 +105,7 @@ enum enum_filetype { FILETYPE_CSV, FILETYPE_XML };
 
 extern char internal_table_name[2];
 extern char empty_c_string[1];
+extern LEX_STRING EMPTY_STR;
 extern MYSQL_PLUGIN_IMPORT const char **errmesg;
 
 extern bool volatile shutdown_in_progress;

sql/sys_vars.cc

@@ -1941,8 +1941,12 @@ static Sys_var_charptr Sys_secure_file_priv(
        "secure_file_priv",
        "Limit LOAD DATA, SELECT ... OUTFILE, and LOAD_FILE() to files "
        "within specified directory",
-       PREALLOCATED READ_ONLY GLOBAL_VAR(opt_secure_file_priv),
-       CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(0));
+       READ_ONLY GLOBAL_VAR(opt_secure_file_priv),
+#ifndef EMBEDDED_LIBRARY
+       CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(DEFAULT_SECURE_FILE_PRIV_DIR));
+#else
+       CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(DEFAULT_SECURE_FILE_PRIV_EMBEDDED_DIR));
+#endif
 
 static bool fix_server_id(sys_var *self, THD *thd, enum_var_type type)
 {

support-files/mysql.spec.sh

-# Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -562,6 +562,7 @@ install -d $RBR%{_includedir}
 install -d $RBR%{_libdir}
 install -d $RBR%{_mandir}
 install -d $RBR%{_sbindir}
+install -d $RBR/var/lib/mysql-files
 
 mkdir -p $RBR%{_sysconfdir}/my.cnf.d
 
@@ -1141,6 +1142,7 @@ echo "====="                                     >> $STATUS_HISTORY
 %attr(755, root, root) %{_sysconfdir}/init.d/mysql
 
 %attr(755, root, root) %{_datadir}/mysql/
+%dir %attr(750, mysql, mysql) /var/lib/mysql-files
 
 # ----------------------------------------------------------------------------
 %files -n MySQL-client%{product_suffix}
@@ -1226,6 +1228,9 @@ echo "====="                                     >> $STATUS_HISTORY
 # merging BK trees)
 ##############################################################################
 %changelog
+* Mon Sep 26 2016 Balasubramanian Kandasamy <balasubramanian.kandasamy@oracle.com>
+- Include mysql-files directory
+
 * Wed Jul 02 2014 Bjorn Munch <bjorn.munch@oracle.com>
 - Disable dtrace unconditionally, breaks after we install Oracle dtrace