| author | unknown <msvensson@pilot.mysql.com> | 2007-02-14 14:44:34 +0100 |
|---|---|---|
| committer | unknown <msvensson@pilot.mysql.com> | 2007-02-14 14:44:34 +0100 |
| commit | c4ae01e6f0e9055f0e541aa42a653c6ab0e24b7b (patch) | |
| tree | f44f19f58dde92ae9260a654f9d2d1be4cd163f5 /mysql-test/t/loaddata.test | |
| parent | e04d00100429373fc4575895cbd282d1289e6dbd (diff) | |
| download | mariadb-git-c4ae01e6f0e9055f0e541aa42a653c6ab0e24b7b.tar.gz | |
Bug#18628 mysql-test-run: security problem (part1)
- Implement --secure-file-priv=<dir> option that limits
  "load_file", "LOAD DATA" and "SELECT .. INTO OUTFILE" to work
  with files in specified dir.
- Use above option for mysqld in mysql-test-run.pl
mysql-test/mysql-test-run.pl:
Add usage of --secure-file-priv=vardir when starting mysqld
mysql-test/r/loaddata.result:
Update test result after adding test to check that secure-file-priv
works for "load data" and "load_file"
mysql-test/r/outfile.result:
Update result
mysql-test/r/query_cache.result:
Can't load from outside of vardir anymore
mysql-test/r/type_blob.result:
Can't load from outside of vardir anymore
mysql-test/t/loaddata.test:
Update test result after adding test to check that secure-file-priv
works for "load data" and "load_file"
mysql-test/t/outfile.test:
Update test result after adding test to check that secure-file-priv
works for "SELECT .. INTO OUTFILE"
mysql-test/t/query_cache.test:
Can't load from outside of vardir anymore
mysql-test/t/type_blob.test:
Can't load from outside of vardir anymore
sql/item_strfunc.cc:
Check that the path "load_file" uses for the file is within
what's specified with --secure-file-priv
sql/mysql_priv.h:
Add secure_file_priv
sql/mysqld.cc:
Add "--secure_file_priv"
sql/set_var.cc:
Add variable "secure_file_priv" to "show variables"
sql/sql_class.cc:
Check that the path "load_file" uses for the file is within
what's specified with --secure-file-priv
sql/sql_class.h:
Fix spelling error
sql/sql_load.cc:
Check that the path "load_file" uses for the file is within
what's specified with --secure-file-priv
sql/share/errmsg.txt:
Fix Swedish error message for ER_OPTION_PREVENTS_STATMENT which was hardcoded
to --skip-grant-tables
Diffstat (limited to 'mysql-test/t/loaddata.test')
| -rw-r--r-- | mysql-test/t/loaddata.test | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/mysql-test/t/loaddata.test b/mysql-test/t/loaddata.test index 27c8005ca0c..0dc91c36a09 100644 --- a/mysql-test/t/loaddata.test +++ b/mysql-test/t/loaddata.test @@ -110,6 +110,29 @@ truncate table t1; load data infile '../std_data_ln/rpl_loaddata.dat' into table t1 (@dummy,@n) set a= @n, c= (select str from t2 where num=@n); select * from t1; +# +# Bug#18628 mysql-test-run: security problem +# +# It should not be possible to load from a file outside of vardir + +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +show variables like "secure_file_pri%"; +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +select @@secure_file_priv; +--error 1238 +set @@secure_file_priv= 0; + +# Test "load data" +truncate table t1; +--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR +--error 1290 +eval load data infile '$MYSQL_TEST_DIR/Makefile' into table t1; +select * from t1; + +# Test "load_file" returns NULL +--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR +eval select load_file("$MYSQL_TEST_DIR/Makefile"); + # cleanup drop table t1, t2; |
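Review bot: The `load_file("$MYSQL_TEST_DIR/Makefile")` check at the end of the added block can pass vacuously, because load_file also returns NULL when the file is missing or unreadable, so a NULL result does not show that secure-file-priv did the blocking. Pair it with a positive control that reads a file inside $MYSQLTEST_VARDIR and expects a non-NULL result. Both negative cases (`load data infile` and `load_file`) also use a path that is plainly outside vardir; adding a case whose path starts at $MYSQLTEST_VARDIR and leaves it through `..` would exercise the path comparison itself rather than only the obvious mismatch.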
