Bug #36620 Legacy leftovers in Falcon startup I/O
Submitted: 9 May 2008 10:14 Modified: 8 Jan 2009 10:28
Reporter: Philip Stoev Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Falcon storage engine Severity:S3 (Non-critical)
Version:6.0.5 OS:Any
Assigned to: Lars-Erik Bjørk CPU Architecture:Any

[9 May 2008 10:14] Philip Stoev 
Description:
When Falcon is starting up, it makes several file opens and unlinks which appear to be leftovers from its life as a standalone database, and are not in line with the behavoir of the rest of the server. I am listing those because I am concerned that some may open the server to symlink and other attacks:

* open("falcon.conf", O_RDONLY)           = -1 ENOENT (No such file or directory)

The fact that falcon.conf is not documented anywhere, however it may be used to set Falcon options, even some that are not available for setting via mysqld.

* readlink("/opt/netfrastructure/db.FALCON_MASTER", 0xbfff5a08, 1023) = -1 ENOENT (No such file or directory)
* unlink("/opt/netfrastructure/db.FALCON_MASTER") = -1 ENOENT (No such file or directory
* symlink("/build/datadir/falcon_master.fts", "/opt/netfrastructure/db.FALCON_MASTER") = -1 ENOENT (No such file or directory)

Behavoir of Falcon if that symlink or directory exists is not defined. 

How to repeat:
$ strace -f -F ./mysqld --datadir=/build/datadir --language=/build/6.0.5/share/english/ 2> strace
$ grep falcon strace

==================

$ perl mysql-test-run.pl --start-and-exit --skip-ndb --mysqld=--falcon_debug_mask=65535
$ cat var/log/master.err
Exception: can't create symbol link /opt/netfrastructure/db.FALCON_MASTER to /build/6.0.5/mysql-test/var/master-data/falcon_master.fts

Suggested fix:
Avoid accessing files and symlinks if not needed. This would prevent potential security vulnerabilities, confusing log error messages and such.
[10 Jul 2008 9:01] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/49404

2742 lars-erik.bjork@sun.com	2008-07-10
      bug#36620 - Legacy leftovers in Falcon startup I/O
      
      Preventing Falcon from accessing falcon.conf (old netfrastructure config file) 
      and from reading, creating and unlinking netfrastructure specific symlinks.
[10 Jul 2008 14:47] Kevin Lewis 
Patch looks good. OK to push
[22 Aug 2008 19:16] Kevin Lewis 
Fix is in version 6.0.6
[8 Jan 2009 10:28] MC Brown 
A note has been added to the 6.0.6 changelog: 

FALCON would try to open a number of files during startup that are not required by the MySQL storage engine implmentation. These operations have been removed.