• MDEV-11902 mi_open race condition · b27fd90a
    Sergei Golubchik authored
    TOCTOU bug. The path is checked to be valid, symlinks are resolved.
    Then the resolved path is opened. Between the check and the open,
    there's a window when one can replace some path component with a
    symlink, bypassing validity checks.
    
    Fix: after we resolved all symlinks in the path, don't allow open()
    to resolve symlinks, there should be none.
    
    Compared to the old MyISAM/Aria code:
    * fastpath. Opening of not-symlinked files is just one open(),
      no fn_format() and lstat() anymore.
    * opening of symlinked tables doesn't do fn_format() and lstat() either.
      it also doesn't do realpath() (which was lstat-ing every path
      component), instead it opens every path component with O_PATH.
    * share->data_file_name stores realpath(path) not readlink(path). So,
      SHOW CREATE TABLE needs to do lstat/readlink() now (see ::info()),
      and certain error messages (cannot open file "XXX") show the real
      file path with all symlinks resolved.
handler.cc 159 KB
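
The fix described in the commit message above, as an added example that is not MariaDB's code: a path that has already been canonicalised is opened one component at a time, each relative to its parent's descriptor, with symlink resolution refused at every step. The helper name `open_nosymlinks` and the `DIR_FLAGS` macro are hypothetical, and the code assumes Linux/POSIX `openat()`.

```c
#define _GNU_SOURCE                       /* exposes O_PATH on glibc */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <string.h>
#include <unistd.h>

#ifdef O_PATH                             /* no read permission on the dir needed */
#define DIR_FLAGS (O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC)
#else
#define DIR_FLAGS (O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC)
#endif

/* Hypothetical helper. `path` is expected to be canonical already (no
 * symlinks, no ".."); `flags` must not contain O_CREAT. Every component is
 * opened relative to its parent's fd and is never followed if it is a symlink,
 * so a component swapped for a symlink after the check makes the open fail.
 * Returns an fd, or -1 with errno set (ELOOP or ENOTDIR for a symlink). */
int open_nosymlinks(const char *path, int flags)
{
    char buf[PATH_MAX];
    if (strlen(path) >= sizeof buf) { errno = ENAMETOOLONG; return -1; }
    strcpy(buf, path);
    char *comp = buf + strspn(buf, "/");
    if (*comp == '\0') { errno = EINVAL; return -1; }   /* "" or "/" */

    int dfd = open(buf[0] == '/' ? "/" : ".", DIR_FLAGS);
    while (dfd >= 0) {
        char *end = comp + strcspn(comp, "/");
        char *next = end + strspn(end, "/");
        int last = (*next == '\0');       /* only slashes (or nothing) follow */
        *end = '\0';
        int fd = openat(dfd, comp,
                        last ? (flags | O_NOFOLLOW | O_CLOEXEC) : DIR_FLAGS);
        int saved = errno;                /* keep openat's errno across close */
        close(dfd);
        errno = saved;
        if (last) return fd;
        dfd = fd;                         /* descend; -1 ends the loop */
        comp = next;
    }
    return -1;
}
```

A plain `open()` of the same path would follow a symlinked directory component; here the intermediate open fails because the descriptor would refer to the link itself rather than a directory.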