Bug#21224: mysql_upgrade uses possibly insecure temporary files
We open for writing a known location, which is exploitable with a symlink attack. Now, use the EXCLusive flag, so that the presence of anything at that location causes a failure. Try once to open safely, and if failure then remove that location and try again to open safely. If both fail, then raise an error. client/mysql_upgrade.c: Open the file with the O_EXCL flag, so that a symlink attack would not work. If opening it fails, try removing something at that location, and try again. If the second time fails, then abort as previous.
Showing
Please register or sign in to comment