From d06e2f922354bb1f98f5fe434ea5445c99af215d Mon Sep 17 00:00:00 2001
From: "svoj@mysql.com/june.mysql.com" <>
Date: Tue, 6 Nov 2007 18:09:33 +0400
Subject: BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE

RENAME TABLE against a table with DATA/INDEX DIRECTORY overwrites
the file to which the symlink points.

This is security issue, because it is possible to create a table with
some name in some non-system database and set DATA/INDEX DIRECTORY
to mysql system database. Renaming this table to one of mysql system
tables (e.g. user, host) would overwrite the system table.

Return an error when the file to which the symlink points exist.
---
 mysql-test/r/symlink.result | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'mysql-test/r')

diff --git a/mysql-test/r/symlink.result b/mysql-test/r/symlink.result
index d07a8613883..e2b26cb508c 100644
--- a/mysql-test/r/symlink.result
+++ b/mysql-test/r/symlink.result
@@ -84,3 +84,9 @@ t1	CREATE TABLE `t1` (
   `b` int(11) default NULL
 ) TYPE=MyISAM
 drop table t1;
+CREATE TABLE t1(a INT)
+DATA DIRECTORY='TEST_DIR/var/master-data/mysql'
+INDEX DIRECTORY='TEST_DIR/var/master-data/mysql';
+RENAME TABLE t1 TO user;
+Can't create/write to file 'TEST_DIR/var/master-data/mysql/user.MYI' (Errcode: 17)
+DROP TABLE t1;
-- 
cgit v1.2.1