mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-31 19:11:46 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/r/secure_file_priv_win.result
Georgi Kodinov 59d7516005 Bug #11764517: 57359: POSSIBLE TO CIRCUMVENT SECURE_FILE_PRIV 
USING '..' ON WINDOWS

Backport of the fix to 5.0 (to be null-merged to 5.1).
Moved the test into the main test suite. 
Made mysql-test-run.pl to not use symlinks for sdtdata as the symlinks
are now properly recognized by secure_file_priv.
Made sure the paths in load_file(), LOAD DATA and SELECT .. INTO OUTFILE 
that are checked against secure_file_priv in a correct way similarly to 5.1 
by the extended is_secure_file_path() backport before the comparison.
Added an extensive test with all the variants of upper/lower case, 
slash/backslash and case sensitivity.
Added few comments to the code.
2011-04-28 12:22:41 +03:00

38 lines
1.5 KiB
Text
Raw Blame History

CREATE TABLE t1 (c1 longtext);
INSERT INTO t1 values ('a');
SELECT * FROM t1 INTO OUTFILE 'd:/mysql/work/test-5.0-security/mysql-test/var/tmp/B11764517.tmp';
show global variables like 'secure_file_priv';
Variable_name Value
secure_file_priv MYSQL_TMP_DIR/
SELECT load_file('MYSQL_TMP_DIR\\B11764517.tmp') AS x;
x
a
SELECT load_file('MYSQL_TMP_DIR/B11764517.tmp') AS x;
x
a
SELECT load_file('MYSQL_TMP_DIR_UCASE/B11764517.tmp') AS x;
x
a
SELECT load_file('MYSQL_TMP_DIR_LCASE/B11764517.tmp') AS x;
x
a
SELECT load_file('MYSQL_TMP_DIR\\..a..\\..\\..\\B11764517.tmp') AS x;
x
NULL
LOAD DATA INFILE 'MYSQL_TMP_DIR\\B11764517.tmp' INTO TABLE t1;
LOAD DATA INFILE 'MYSQL_TMP_DIR/B11764517.tmp' INTO TABLE t1;
LOAD DATA INFILE 'MYSQL_TMP_DIR_UCASE/B11764517.tmp' INTO TABLE t1;
LOAD DATA INFILE 'MYSQL_TMP_DIR_LCASE/B11764517.tmp' INTO TABLE t1;
LOAD DATA INFILE "MYSQL_TMP_DIR\\..a..\\..\\..\\B11764517.tmp" into table t1;
ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR\\..a..\\..\\..\\B11764517-2.tmp';
ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR\\B11764517-2.tmp';
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR/B11764517-3.tmp';
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR_UCASE/B11764517-4.tmp';
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR_LCASE/B11764517-5.tmp';
DROP TABLE t1;
Reference in a new issue View git blame Copy permalink