[PXC-1031] LP #1624400: Forbid writing log files with a .ini or .cnf ending - Percona JIRA

XML

Word

Printable

Details

Type: Bug
Status: Done
Priority: High
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- migratedfromlp
- upstream

Description

**Reported in Launchpad by Laurynas Biveinis last update 22-09-2016 10:25:29

This is to track backport of

commit 48bd8b16fe382be302c6f0b45931be5aa6f29a0e
Author: Sivert Sorumgard <[email protected]>
Date: Mon Aug 22 14:30:02 2016 +0200

Bug#24388753: PRIVILEGE ESCALATION USING MYSQLD_SAFE

[This is the 5.5/5.6 version of the bugfix].

The problem was that it was possible to write log files ending
in .ini/.cnf that later could be parsed as an options file.
This made it possible for users to specify startup options
without the permissions to do so.

This patch fixes the problem by disallowing general query log
and slow query log to be written to files ending in .ini and .cnf.

from 5.5.52 / 5.6.33 / 5.7.15

Attachments

Activity

People

Assignee:: Krunal Bauskar (Inactive)

Reporter:: lpjirasync (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 12/Jan/18 10:38 AM

Updated:: 25/Dec/18 5:26 PM