• svoj@mysql.com/june.mysql.com's avatar
    BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE · d06e2f92
    svoj@mysql.com/june.mysql.com authored
    RENAME TABLE against a table with DATA/INDEX DIRECTORY overwrites
    the file to which the symlink points.
    
    This is security issue, because it is possible to create a table with
    some name in some non-system database and set DATA/INDEX DIRECTORY
    to mysql system database. Renaming this table to one of mysql system
    tables (e.g. user, host) would overwrite the system table.
    
    Return an error when the file to which the symlink points exist.
    d06e2f92
symlink.test 3.94 KB