An error occurred fetching the project authors.
  1. 26 Aug, 2008 1 commit
  2. 22 Aug, 2008 1 commit
    • Alexey Botchkov's avatar
      Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. · 69657f97
      Alexey Botchkov authored
                  
                  test_if_data_home_dir fixed to look into real path.
                  Checks added to mi_open for symlinks into data home directory.
      
      per-file messages:
              include/my_sys.h
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                my_is_symlink interface added
              include/myisam.h
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                myisam_test_invalid_symlink interface added
              myisam/mi_check.c
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                mi_open_datafile calls modified
              myisam/mi_open.c
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                code added to mi_open to check for symlinks into data home directory.
                mi_open_datafile now accepts 'original' file path to check if it's
                an allowed symlink.
              myisam/mi_static.c
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                myisam_test_invlaid_symlink defined
              myisam/myisamchk.c
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                mi_open_datafile call modified
              myisam/myisamdef.h
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                mi_open_datafile interface modified - 'real_path' parameter added
              mysql-test/r/symlink.test
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                error codes corrected as some patch now rejected pointing inside datahome
              mysql-test/r/symlink.result
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                error messages corrected in the result
              mysys/my_symlink.c
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                my_is_symlink() implementsd
                my_realpath() now returns the 'realpath' even if a file isn't a symlink
              sql/mysql_priv.h
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                test_if_data_home_dir interface
              sql/mysqld.cc
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                myisam_test_invalid_symlik set with the 'test_if_data_home_dir'
              sql/sql_parse.cc
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                error messages corrected
                test_if_data_home_dir code fixed
      69657f97
  3. 17 Mar, 2008 1 commit
  4. 14 Mar, 2008 1 commit
  5. 03 Mar, 2008 1 commit
  6. 29 Feb, 2008 4 commits
  7. 28 Feb, 2008 1 commit
  8. 07 Dec, 2007 1 commit
  9. 12 Nov, 2007 1 commit
  10. 06 Nov, 2007 1 commit
    • svoj@mysql.com/june.mysql.com's avatar
      BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE · d06e2f92
      svoj@mysql.com/june.mysql.com authored
      RENAME TABLE against a table with DATA/INDEX DIRECTORY overwrites
      the file to which the symlink points.
      
      This is security issue, because it is possible to create a table with
      some name in some non-system database and set DATA/INDEX DIRECTORY
      to mysql system database. Renaming this table to one of mysql system
      tables (e.g. user, host) would overwrite the system table.
      
      Return an error when the file to which the symlink points exist.
      d06e2f92
  11. 13 Jul, 2007 3 commits
  12. 25 Apr, 2007 1 commit
  13. 01 Feb, 2007 1 commit
  14. 19 Jan, 2007 1 commit
  15. 17 Jan, 2007 1 commit
  16. 18 Dec, 2006 1 commit
  17. 14 Dec, 2006 2 commits
  18. 24 Jan, 2006 1 commit
  19. 08 Dec, 2005 1 commit
    • kent@mysql.com's avatar
      mysqld.cc: · e8198e79
      kent@mysql.com authored
        Bug#14960, reverted code to make symdir work on Windows
      symlink.test:
        Disabled test case on Windows
      e8198e79
  20. 28 Jul, 2005 1 commit
  21. 03 Mar, 2005 1 commit
  22. 02 Mar, 2005 1 commit
  23. 23 Feb, 2005 1 commit
  24. 18 Jan, 2005 2 commits
  25. 17 Feb, 2004 1 commit
  26. 12 Dec, 2003 1 commit
    • monty@mysql.com's avatar
      Fix autoincrement for signed columns (Bug #1366) · f995a5f4
      monty@mysql.com authored
      Fixed problem with char > 128 in QUOTE() function. (Bug #1868)
      Disable creation of symlinks if my_disable_symlink is set
      Fixed searching of TEXT with end space. (Bug #1651)
      Fixed caching bug in multi-table-update where same table was used twice. (Bug #1711)
      Fixed problem with UNIX_TIMESTAMP() for timestamps close to 0. (Bug #1998)
      Fixed timestamp.test
      f995a5f4
  27. 10 Dec, 2003 1 commit
  28. 20 Nov, 2003 1 commit
  29. 03 Nov, 2003 1 commit
    • monty@narttu.mysql.fi's avatar
      Simplified 'wrong xxx name' error messages by introducing 'general' ER_WRONG_NAME error · a444a344
      monty@narttu.mysql.fi authored
      Cleaned up (and disabled part of) date/time/datetime format patch. One can't anymore change default read/write date/time/formats.
      This is becasue the non standard datetime formats can't be compared as strings and MySQL does still a lot of datetime comparisons as strings
      Changed flag argument to str_to_TIME() and get_date() from bool to uint
      Removed THD from str_to_xxxx functions and Item class.
      Fixed core dump when doing --print-defaults
      Move some common string functions to strfunc.cc
      Dates as strings are now of type my_charset_bin instead of default_charset()
      Introduce IDENT_QUOTED to not have to create an extra copy of simple identifiers (all chars < 128)
      Removed xxx_FORMAT_TYPE enums and replaced them with the old TIMESTAMP_xxx enums
      Renamed some TIMESTAMP_xxx enums to more appropriate names
      Use defines instead of integers for date/time/datetime string lengths
      Added to build system and use the new my_strtoll10() function.
      a444a344
  30. 25 Aug, 2003 1 commit
  31. 03 Jul, 2003 1 commit
  32. 05 Jan, 2003 1 commit
  33. 28 Nov, 2001 1 commit