• cmiller@zippy.cornsilk.net's avatar
    Bug#21224: mysql_upgrade uses possibly insecure temporary files · d6b00b72
    cmiller@zippy.cornsilk.net authored
    We open for writing a known location, which is exploitable with a symlink
    attack.  Now, use the EXCLusive flag, so that the presence of anything at 
    that location causes a failure.  Try once to open safely, and if failure 
    then remove that location and try again to open safely.  If both fail, then
    raise an error.
    d6b00b72
mysql_upgrade.c 13.5 KB