[MDEV-11902] mi_open race condition - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 5.5, 10.0, 10.1, 10.2
Fix Version/s: 5.5.55, 10.0.30, 10.1.22, 10.2.5
Component/s: Data Definition - Alter Table
Labels:
None

Sprint:
5.5.55

Description

In one created a MyISAM table with DATA_DIRECTORY or INDEX_DIRECTORY attributes (that is, with symlinks) mi_open() and mi_delete() used the pattern of

expand all symlinks with realpath()
verify that the true path isn't leading into a datadir
open (or, accordingly, delete) the file

This is race condition prone, one can change the symlink after it was expanded by realpath() but before the file is opened.

Attachments

Issue Links

links to

CVE-2017-3313

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2017-01-24 14:36

Updated:: 2017-04-18 08:54

Resolved:: 2017-02-27 11:47

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.