Details

    • Sprint:
      5.5.51 & 10.2.2

      Description

      Earlier MySQL used to read my.cnf from three locations, in that order:

      • /etc
      • datadir
      • $HOME/.my.cnf

      The second is particularly unsafe, because datadir is writable by the mysqld server, and a user that can connect to MySQL can create my.cnf in the datadir using SELECT ... OUTFILE. Over time various safety mechanisms were implemented:

      • mysqld no longer reads my.cnf in the datadir. Still, mysqld_safe.sh does and forces the server to, so if the server is started via mysqld_safe.sh, my.cnf in the datadir is still used.
      • --secure-file-priv command-line option limits SELECT ... OUTFILE to the specified directory, it's recommended to set it outside of datadir
      • SELECT ... OUTFILE creates files that are world-writable and mysqld refuses to read my.cnf if it is world-writable.

      But as was recently discovered by Dawid Golunski, one can abuse @@general_log_file variable to create a my.cnf in the datadir, and it will be not created world-writable, so the both mysqld_safe and mysqld will read it on startup.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                serg Sergei Golubchik
                Reporter:
                serg Sergei Golubchik
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: