mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-31 02:51:44 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/sql-common
History
Shishir Jaiswal ecc5a07874 Bug#26585560 - MYSQL DAEMON SHOULD CREATE ITS PID FILE AS 
ROOT

DESCRIPTION
===========
If the .pid file is created at a world-writable location,
it can be compromised by replacing the server's pid with
another running server's (or some other non-mysql process)
PID causing abnormal behaviour.

ANALYSIS
========
In such a case, user should be warned that .pid file is
being created at a world-writable location.

FIX
===
A new function is_file_or_dir_world_writable() is defined
and it is called in create_pid_file() before .pid file
creation. If the location is world-writable, a relevant
warning is thrown.

NOTE
====
1. PID file is always created with permission bit 0664, so
for outside world its read-only.
2. Ignoring the case when permission is denied to get the
dir stats since the .pid file creation would fail anyway in
such a case.
2017-12-02 15:12:32 +05:30
..
client.c BUG#25575605: SETTING --SSL-MODE=REQUIRED SENDS CREDENTIALS BEFORE VERIFYING SSL CONNECTION 2017-03-10 01:19:50 +04:00
client_plugin.c Bug #12998841: libmysql divulges plaintext password upon request in 5.5 2012-07-05 09:55:20 +03:00
my_path_permissions.cc Bug#26585560 - MYSQL DAEMON SHOULD CREATE ITS PID FILE AS 2017-12-02 15:12:32 +05:30
my_time.c Updated/added copyright headers 2012-02-16 10:48:16 +01:00
my_user.c Updated/added copyright headers 2011-06-30 17:46:53 +02:00
pack.c Updated/added copyright headers 2014-01-06 10:52:35 +05:30