Bug #31102 set global general_log_file does not check that log file exists, can corrupt fil
Submitted: 20 Sep 2007 4:21 Modified: 25 Sep 2007 13:10
Reporter: Alexander Rubin Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Logging Severity:S3 (Non-critical)
Version:5.1.22-rc, 5.1.21 OS:Linux
Assigned to: Assigned Account CPU Architecture:Any
Tags: general_log_file
Triage: Triaged: D3 (Medium)

[20 Sep 2007 4:21] Alexander Rubin
Description:
set global general_log_file = '<file_name>'

<file> here can be any file to which mysqld can write. Mysqld allow to 
use existing file, even if it is ibdata1 or table.MYD, /tmp/mysql.sock or whatever.
Data appended to the end of the file.
This operation requires SUPER privilege, however, one can overwrite any files in the system (if mysqld can write to it)

Examples:
mysql> set global general_log_file = '/tmp/aaa.log';
Query OK, 0 rows affected (0.00 sec)

mysql> set global general_log_file = '/mysql_data/test/a.MYD';
Query OK, 0 rows affected (0.00 sec)

mysql> set global general_log_file = '/tmp/mysql.sock';
Query OK, 0 rows affected (0.00 sec)

In all those cases general log data was appended to the end or the real file.

How to repeat:
mysql> set global general_log_file = '/tmp/aaa.log';
Query OK, 0 rows affected (0.00 sec)

mysql> set global general_log_file = '/mysql_data/test/a.MYD';
Query OK, 0 rows affected (0.00 sec)

mysql> set global general_log_file = '/tmp/mysql.sock';
Query OK, 0 rows affected (0.00 sec)

Suggested fix:
I do not know if this a bug or not, as with SUPER privilege one can drop all tables. However, ability to write to arbitrary file in the system (to which mysqld can write) from INSIDE of the mysql looks a bit scary.

If it will not be considered a bug I would suggest adding information to the documentation page, describing that one can corrupt files.
Or add new config variables: allow_dynamic_log_files
[25 Sep 2007 13:10] Sveta Smirnova
Thank you for the report.

Verified as described.
[12 Dec 2007 0:42] Kolbe Kegel
Please note, "SUPER" does *not* give you privileges to drop any MySQL tables at all or modify any data. It allows you to perform various FLUSH, KILL, SET and other administrative commands. It also allows you to do certain ill-advised and/or potentially dangerous things with stored routines and triggers in 5.0.

By itself, however, it doesn't give you wholesale, unfettered access to any tables.
[13 Dec 2007 11:48] Sergei Golubchik
It does. It allows you to create a stored routine or a view with an arbitrary definer. it's as close to "wholesale, unfettered access to any tables" as you can get.