Bug #76401 Can't distinguish secure_file_priv = NULL and ""
Submitted: 20 Mar 2015 3:43
Modified: 21 May 2015 14:26
Reporter: Tsubasa Tanaka (OCA)
Status: Closed
Category: MySQL Server: Options
Severity: S3 (Non-critical)
Version: 5.7.6, 5.7.8
OS: Linux (CentOS 6.6)
Assigned to:
CPU Architecture: Any

[20 Mar 2015 3:43] Tsubasa Tanaka
Description:
As of 5.7.6, secure_file_priv has a new kind of value, "NULL".
But @@secure_file_priv reports "NULL" when secure_file_priv is set to either NULL or "" (empty).

How to repeat:
$ bin/mysqld_safe --no-defaults --secure-file-priv=NULL &

mysql> SELECT @@secure_file_priv;
+--------------------+
| @@secure_file_priv |
+--------------------+
| NULL               |
+--------------------+
1 row in set (0.00 sec)

mysql> SELECT LOAD_FILE('/etc/hosts');
+-------------------------+
| LOAD_FILE('/etc/hosts') |
+-------------------------+
| NULL                    |
+-------------------------+
1 row in set (0.00 sec)

$ bin/mysqld_safe --no-defaults --secure-file-priv="" &

mysql> SELECT @@secure_file_priv;
+--------------------+
| @@secure_file_priv |
+--------------------+
| NULL               |
+--------------------+
1 row in set (0.00 sec)

mysql> SELECT LOAD_FILE('/etc/hosts');
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| LOAD_FILE('/etc/hosts')                                                                                                                                                        |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 172.17.0.3    0a8104f4882d
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
 |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

Suggested fix:
Return "" (empty string) when secure_file_priv is set to "" (empty string).
[20 Mar 2015 6:14] MySQL Verification Team
Hello Tanaka-san,

Thank you for the report.
Indeed, 'NULL' is returned in both cases, i.e. when secure_file_priv is set to NULL or secure_file_priv is set to "".

Thanks,
Umesh
[20 Mar 2015 6:17] MySQL Verification Team
// The warning logged is a bit clearer compared to the value returned by show variables

[umshastr@hod03]/export/umesh/mysql-5.7.8: bin/mysqld --no-defaults --secure-file-priv=NULL --basedir=/export/umesh/mysql-5.7.8 --datadir=/export/umesh/mysql-5.7.8/76401 --socket=/tmp/mysql_ushastry.sock  --port=15000 --log-error=/export/umesh/mysql-5.7.8/76401/log.err 2>&1 &
[1] 32236
[umshastr@hod03]/export/umesh/mysql-5.7.8: 2015-03-20T06:06:54.737024Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2015-03-20T06:06:54.737114Z 0 [Note] --secure-file-priv is set to NULL. Operations related to importing and exporting data are disabled
2015-03-20T06:06:54.737173Z 0 [Note] bin/mysqld (mysqld 5.7.8-rc-enterprise-commercial-advanced) starting as process 32236 ...

[umshastr@hod03]/export/umesh/mysql-5.7.8: bin/mysql -uroot -p -S /tmp/mysql_ushastry.sock
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.8-rc-enterprise-commercial-advanced MySQL Enterprise Server - Advanced Edition (Commercial)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)] > SELECT @@secure_file_priv;
+--------------------+
| @@secure_file_priv |
+--------------------+
| NULL               |
+--------------------+
1 row in set (0.00 sec)

root@localhost [(none)] > SELECT LOAD_FILE('/etc/hosts');
+-------------------------+
| LOAD_FILE('/etc/hosts') |
+-------------------------+
| NULL                    |
+-------------------------+
1 row in set (0.00 sec)

root@localhost [(none)] > \q
Bye
[umshastr@hod03]/export/umesh/mysql-5.7.8: bin/mysqladmin -uroot -p -S /tmp/mysql_ushastry.sock shutdown
Enter password:
[1]+  Done                    bin/mysqld --no-defaults --secure-file-priv=NULL --basedir=/export/umesh/mysql-5.7.8 --datadir=/export/umesh/mysql-5.7.8/76401 --socket=/tmp/mysql_ushastry.sock --port=15000 --log-error=/export/umesh/mysql-5.7.8/76401/log.err 2>&1
[umshastr@hod03]/export/umesh/mysql-5.7.8:
[umshastr@hod03]/export/umesh/mysql-5.7.8: bin/mysqld --no-defaults --secure-file-priv="" --basedir=/export/umesh/mysql-5.7.8 --datadir=/export/umesh/mysql-5.7.8/76401 --socket=/tmp/mysql_ushastry.sock  --port=15000 --log-error=/export/umesh/mysql-5.7.8/76401/log.err 2>&1 &
[1] 32281
[umshastr@hod03]/export/umesh/mysql-5.7.8: 2015-03-20T06:09:58.673857Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2015-03-20T06:09:58.673956Z 0 [Warning] Insecure configuration for --secure-file-priv: Current value does not restrict location of generated files. Consider setting it to a valid, non-empty path.
2015-03-20T06:09:58.674006Z 0 [Note] bin/mysqld (mysqld 5.7.8-rc-enterprise-commercial-advanced) starting as process 32281 ...

[umshastr@hod03]/export/umesh/mysql-5.7.8: bin/mysql -uroot -p -S /tmp/mysql_ushastry.sock
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.8-rc-enterprise-commercial-advanced MySQL Enterprise Server - Advanced Edition (Commercial)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)] > SELECT @@secure_file_priv;
+--------------------+
| @@secure_file_priv |
+--------------------+
| NULL               |
+--------------------+
1 row in set (0.00 sec)

root@localhost [(none)] > SELECT LOAD_FILE('/etc/hosts');
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+
| LOAD_FILE('/etc/hosts')                                                                                                                                        |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

root@localhost [(none)] >
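
An added example, not part of the original report or of MySQL's own code: on an affected build, where @@secure_file_priv shows NULL for both settings, the two startup messages quoted in the session above can be used to tell them apart. It assumes successive restarts append to one error log, as in that session; the function names and state labels are hypothetical.

```python
import re

# Message fragments copied from the error-log excerpts in this report.
DISABLED = "--secure-file-priv is set to NULL"
UNRESTRICTED = ("Insecure configuration for --secure-file-priv: "
                "Current value does not restrict")
# In the excerpts the secure-file-priv line precedes this startup banner.
BANNER = re.compile(r"\[Note\] .*\(mysqld [^)]*\) starting as process (\d+)")

# Constructed sample: the relevant lines of both runs, appended to one log file.
SAMPLE_LOG = """\
2015-03-20T06:06:54.737114Z 0 [Note] --secure-file-priv is set to NULL. Operations related to importing and exporting data are disabled
2015-03-20T06:06:54.737173Z 0 [Note] bin/mysqld (mysqld 5.7.8-rc-enterprise-commercial-advanced) starting as process 32236 ...
2015-03-20T06:09:58.673956Z 0 [Warning] Insecure configuration for --secure-file-priv: Current value does not restrict location of generated files. Consider setting it to a valid, non-empty path.
2015-03-20T06:09:58.674006Z 0 [Note] bin/mysqld (mysqld 5.7.8-rc-enterprise-commercial-advanced) starting as process 32281 ...
"""


def startup_states(log_text):
    """Return [(pid, state)] for every server start recorded in the log."""
    states, pending = [], None
    for line in log_text.splitlines():
        if DISABLED in line:
            pending = "disabled"        # import/export operations are off
        elif UNRESTRICTED in line:
            pending = "unrestricted"    # empty value: no path restriction
        else:
            m = BANNER.search(line)
            if m:
                # Assumption: neither message before a banner means neither
                # of the two conditions quoted in this report was logged.
                states.append((int(m.group(1)), pending or "no-message"))
                pending = None
    return states


def current_state(log_text):
    """State of the most recent start; older entries in the log are stale."""
    states = startup_states(log_text)
    return states[-1][1] if states else "unknown"


if __name__ == "__main__":
    for pid, state in startup_states(SAMPLE_LOG):
        print(pid, state)
    print("current:", current_state(SAMPLE_LOG))
```

Only the last start in the log reflects the running server, which is why the per-start list is kept rather than a single search for either message.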
[21 May 2015 14:26] Paul DuBois
Noted in 5.7.8, 5.8.0 changelogs.

The value of secure_file_priv displayed as NULL for both
--secure_file_priv=NULL (correct) and --secure_file_priv=""
(incorrect).