From 5d4cfb30e517e861defd9728e88f37ef6072becb Mon Sep 17 00:00:00 2001 From: Terje Rosten Date: Tue, 28 Mar 2017 13:22:32 +0200 Subject: BUG#25719975 SHEBANG HARD CODED AS /USR/BIN/PERL IN SCRIPTS, BREAKS ON FREEBSD Use cmake variable to adjust shebang to platform. --- scripts/mysqlaccess.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'scripts/mysqlaccess.sh') diff --git a/scripts/mysqlaccess.sh b/scripts/mysqlaccess.sh index 4ca3b2d3686..03810e95b72 100644 --- a/scripts/mysqlaccess.sh +++ b/scripts/mysqlaccess.sh @@ -1,6 +1,6 @@ -#!/usr/bin/perl +#!@PERL_PATH@ -# Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU Library General Public -- cgit v1.2.1 From 788fb5bf678e2854fd2936cf6ac8d8f46f7c90c4 Mon Sep 17 00:00:00 2001 From: Shishir Jaiswal Date: Mon, 17 Apr 2017 12:04:14 +0530 Subject: Bug#25043674 - MYSQLACCESS SCRIPT LOADS AND EXECUTES CODE FROM THE CURRENT DIRECTORY DESCRIPTION =========== When 'mysqlaccess' tool is run, it reads (and executes) the content of its configuration file 'mysqlaccess.conf' from the current directory. This is not a recommended behaviour as someone with ill intentions can insert malicious instructions into this file which could be executed whenever this tool is run. ANALYSIS ======== The configuration file is presently looked for, in the following folders (in given order): 1. Current directory 2. SYSCONFDIR //This gets expanded 3. /etc/ Owing to the reasons mentioned above, we should not permit the file to be in the current directory. Since the other two folders are assumed to be accessible only to authorized people, the config file is safe to be read from there. FIX === Modified the script so that it looks for the config file now in the following two folders (in the given order): 1. SYSCONFDIR 2. /etc/ If it's absent from above locations but present in current directory, an error is thrown asking the user to move the file to one of the above locations and retry. NOTE ==== The location paths and their precedence are not documented for this tool. It needs to be noted as part of the associated documentation. --- scripts/mysqlaccess.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'scripts/mysqlaccess.sh') diff --git a/scripts/mysqlaccess.sh b/scripts/mysqlaccess.sh index 03810e95b72..85112a59ee4 100644 --- a/scripts/mysqlaccess.sh +++ b/scripts/mysqlaccess.sh @@ -477,15 +477,22 @@ MySQLaccess::Report::Print_Header(); # ***************************** # Read configuration-file MySQLaccess::Debug::Print(1, "Reading configuration file..."); - if (-f "./$script_conf") { - require "./$script_conf"; - } - elsif (-f "@sysconfdir@/$script_conf") { + if (-f "@sysconfdir@/$script_conf") { + print "Configuration file '$script_conf' is found in '@sysconfdir@/'\n"; require "@sysconfdir@/$script_conf"; } elsif (-f "/etc/$script_conf") { + print "Configuration file '$script_conf' is found in '/etc/'\n"; require "/etc/$script_conf"; } + elsif (-f "./$script_conf") { + print "\nERROR! Configuration file '$script_conf' is found in the current "; + print "directory.\nThe permissible locations for this file are either "; + print "@sysconfdir@/ or /etc/\n"; + print "Please move it to one of these locations and retry.\n\n"; + exit 0; + } + # **************************** # Read in all parameters -- cgit v1.2.1