mariadb

mirror/mariadb

Fork 0

mirror of https://github.com/MariaDB/server.git synced 2025-01-19 13:32:33 +01:00

Commit graph

Author	SHA1	Message	Date
Georgi Kodinov	59d7516005	Bug #11764517 : 57359: POSSIBLE TO CIRCUMVENT SECURE_FILE_PRIV USING '..' ON WINDOWS Backport of the fix to 5.0 (to be null-merged to 5.1). Moved the test into the main test suite. Made mysql-test-run.pl to not use symlinks for sdtdata as the symlinks are now properly recognized by secure_file_priv. Made sure the paths in load_file(), LOAD DATA and SELECT .. INTO OUTFILE that are checked against secure_file_priv in a correct way similarly to 5.1 by the extended is_secure_file_path() backport before the comparison. Added an extensive test with all the variants of upper/lower case, slash/backslash and case sensitivity. Added few comments to the code.	2011-04-28 12:22:41 +03:00

Author

SHA1

Message

Date

Georgi Kodinov

59d7516005

Bug #11764517 : 57359: POSSIBLE TO CIRCUMVENT SECURE_FILE_PRIV

USING '..' ON WINDOWS

Backport of the fix to 5.0 (to be null-merged to 5.1).
Moved the test into the main test suite. 
Made mysql-test-run.pl to not use symlinks for sdtdata as the symlinks
are now properly recognized by secure_file_priv.
Made sure the paths in load_file(), LOAD DATA and SELECT .. INTO OUTFILE 
that are checked against secure_file_priv in a correct way similarly to 5.1 
by the extended is_secure_file_path() backport before the comparison.
Added an extensive test with all the variants of upper/lower case, 
slash/backslash and case sensitivity.
Added few comments to the code.

2011-04-28 12:22:41 +03:00

1 commit