Bug #32398 Falcon: tablespace file can be table file
Submitted: 14 Nov 2007 21:58 Modified: 15 May 2009 13:06
Reporter: Peter Gulutzan Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Falcon storage engine Severity:S3 (Non-critical)
Version:6.0.4-alpha-debug OS:Linux (SUSE 10 64-bit)
Assigned to: Sergey Vojtovich CPU Architecture:Any
Tags: disabled, F_TABLESPACE
Triage: Triaged: D2 (Serious) / R3 (Medium) / E3 (Medium)

[14 Nov 2007 21:58] Peter Gulutzan
Description:
I create a non-Falcon table which will use file '/path/x'.
I create a Falcon tablespace which also use file '/path/x'.
So when I write to one, I'll cause a mixup with the other.
I could use this to corrupt tables for I have no privileges,
or just to crash the server.

How to repeat:
The assumption is that /usr/local/mysql/var is the
default directory -- if it's not, change occurrences
of '/usr/local/mysql/var' in instructions that follow.

Shut down mysqld server.
Destroy all files on /usr/local/mysql/var.
Run mysql_install_db so there's a new clean directory.
Start mysqld server.
Start client.

On client:
create database m;
use m
create table t2 (s1 int);
create tablespace m2 add datafile '/usr/local/mysql/var/m/t2.par' engine=falcon;
alter table t2 partition by hash(s1);
insert into t2 values (1);
create table t3 (s1 int) tablespace m2;
insert into t3 values (1);
quit

Use mysqladmin to shut down mysqld server.
Restart mysqld server.
Restart client.

On client:
use m
alter table t2 tablespace  m2;
insert into t3 values (4);
alter table t3 engine=falcon;

The last ALTER will cause a crash;

Example:

linux:/home/pgulutzan/mysql-5.1 # /usr/local/mysql/bin/mysql --user=root
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 6.0.4-alpha-debug Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database m;
Query OK, 1 row affected (0.00 sec)

mysql> use m
Database changed
mysql> create table t2 (s1 int);
Query OK, 0 rows affected (0.00 sec)

mysql> create tablespace m2 add datafile '/usr/local/mysql/var/m/t2.par' engine=falcon;
Query OK, 0 rows affected (0.23 sec)

mysql> alter table t2 partition by hash(s1);
Query OK, 0 rows affected (0.04 sec)
Records: 0  Duplicates: 0  Warnings: 0

mysql> insert into t2 values (1);
Query OK, 1 row affected (0.01 sec)

mysql> create table t3 (s1 int) tablespace m2;
Query OK, 0 rows affected (0.01 sec)

mysql> insert into t3 values (1);
Query OK, 1 row affected (0.00 sec)

mysql> quit
Bye
linux:/home/pgulutzan/mysql-5.1 # /usr/local/mysql/bin/mysqladmin --user=root shutdown
linux:/home/pgulutzan/mysql-5.1 # /usr/local/mysql/bin/mysql --user=root
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 6.0.4-alpha-debug Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use m
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> alter table t2 tablespace  m2;
Query OK, 1 row affected (0.06 sec)
Records: 1  Duplicates: 0  Warnings: 0

mysql> insert into t3 values (4);
Query OK, 1 row affected (0.00 sec)

mysql> alter table t3 engine=falcon;
ERROR 2013 (HY000): Lost connection to MySQL server during query
[20 Nov 2007 3:47] Kevin Lewis
Sergey, Here is another bug related to tablespace naming.  Since you are in the area, maybe you can figure out where to prevent this kind of naming problem.  Please check if it can occur with any other storage engine.
[20 Nov 2007 11:38] Godofredo Miguel Solorzano
Thank you for the bug report. Verified as described.
[10 Apr 2008 12:30] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/45186

ChangeSet@1.2634, 2008-04-10 16:28:11+05:00, svoj@mysql.com +3 -0
  BUG#32398 - Falcon: tablespace file can be table file
  
  Falcon allows to create tablespace data files inside data base. That
  means users could corrupt data in tables or crash a server.
  
  This bug is similiar to BUG32167.
  
  Fixed by rejecting tablespace data file names, pointing to
  data_home/database_name directory.
  
  Note that a check for data file name correctness seem to be engine
  specific. At least it looks like NDB data files are created by
  different process, which may run on a different host. That means
  rules that are good for falcon wouldn't work with NDB.
[5 Aug 2008 16:45] Sergey Vojtovich
Was pushed to 6.0.6.
[28 Aug 2008 15:42] Kevin Lewis
Sergey, please have another look at this.
[19 Nov 2008 10:35] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/59191

2918 Sergey Vojtovich	2008-11-19
      BUG#32398 - Falcon: tablespace file can be table file
      
      This is second attempt to fix this bug. Sometime after
      first fix logic of test_if_data_home_dir() has changed,
      thus the fix was reverted.
      
      Falcon allows to create tablespace data files inside data base. That
      means users could corrupt data in tables or crash a server.
      
      Fixed by rejecting tablespace data file names, pointing to
      data_home/database_name directory.
[12 Dec 2008 10:06] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/61454

2934 Sergey Vojtovich	2008-12-12
      BUG#32398 - Falcon: tablespace file can be table file
      
      It was possible to create Falcon tablespace data files in
      MySQL database directory with potential MyISAM/partitioning
      index/data file names. Later MyISAM/partiotioning may
      silently overwrite Falcon tablespace data file.
      
      E.g.:
      CREATE TABLESPACE ts1 ADD DATAFILE 'test/t1.MYD' ENGINE=Falcon;
      CREATE TABLE test.t1(a INT);
      
      The second statement overwrites Falcon tablespace file.
      
      The original patch for this bug was commented out some
      time ago - it caused some problems and was considered
      to be incorrect.
      
      With this fix, when creating Falcon tablespace, we append
      '.fts' extention to it's data file name if the provided
      name doesn't end up with '.fts' already.
[12 Dec 2008 12:30] Kevin Lewis
Patch looks good, OK to push
[15 Dec 2008 9:39] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/61648

2934 Sergey Vojtovich	2008-12-15
      BUG#32398 - Falcon: tablespace file can be table file
      
      It was possible to create Falcon tablespace data files in
      MySQL database directory with potential MyISAM/partitioning
      index/data file names. Later MyISAM/partitioning may
      silently overwrite Falcon tablespace data file.
      
      E.g.:
      CREATE TABLESPACE ts1 ADD DATAFILE 'test/t1.MYD' ENGINE=Falcon;
      CREATE TABLE test.t1(a INT) ENGINE=MyISAM;
      
      The second statement overwrites Falcon tablespace file.
      
      The original patch for this bug was commented out some
      time ago - it caused some problems and was considered
      to be incorrect.
      
      With this fix, when creating Falcon tablespace, we append
      '.fts' extention to it's data file name if the provided
      name doesn't end up with '.fts' already.
[13 Feb 2009 7:25] Bugs System
Pushed into 6.0.10-alpha (revid:alik@sun.com-20090211182317-uagkyj01fk30p1f8) (version source revid:svoj@mysql.com-20081215083644-m6vg2y3jde80nbpm) (merge vers: 6.0.9-alpha) (pib:6)
[15 May 2009 13:06] MC Brown
An entry has been added to the 6.0.10 changelog: 

Falcon would allow you to create a Falcon TABLESPACE with the same filename as existing datafiles (including datafiles of other engines). All Falcon tablespaces are now created with a .fts extension, regardless of the specified filename.