Bug #53748 INDEX/DATA DIRECTORY realpath(3) race allows access to server data dir
Submitted: 18 May 2010 12:30
Modified: 27 May 2010 20:20
Reporter: Matt McCutchen
Status: Verified
Category: MySQL Server: MyISAM storage engine
Severity: S3 (Non-critical)
Version: 5.1.46
OS: Linux (Fedora 12)
Assigned to:
CPU Architecture: Any
Tags: Security

[18 May 2010 12:31] Matt McCutchen
Demonstration kit

Attachment: mysql-symlink-race.tar.bz2 (application/x-bzip2, text), 5.96 KiB.

[26 May 2010 20:28] Matt McCutchen
User table schema file for MySQL 5.5.4

Attachment: user-schema-5.5.4.sql (application/octet-stream, text), 2.81 KiB.