[MDEV-395] PR_SET_DUMPABLE set in unreachable code - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 5.5.25
Fix Version/s: 5.5.27
Component/s: None
Labels:
None
Environment:
linux

Description

There has been a patch in MySQL 5.0.44 (see mysql bugs #21723 / #21361) that would enable core dumps on Linux even when setuid() was used on mysqld by setting "prctl(PR_SET_DUMPABLE, 1);"

This is actually dead code though as it was placed behind the final error handling block in the check_user() function in sql/mysqld.cc, right after an unconditional unireg_abort() call. So this can never actually have worked.

Proposed fix: call prctl() directly after changing the user id in set_user()/set_effective_user() instead. (this is actually the place where Deans patch from bug #21723 suggested to add the pcrtl() call, no idea why it was added in a completely different place instead ...)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

patch-prctl.txt
1 kB
2012-07-13 12:46

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Hartmut Holzgraefe

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2012-07-13 12:46

Updated:: 2012-09-02 00:07

Resolved:: 2012-09-02 00:07

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.