Bug#27919254 MYSQL USER ESCALATES ITS PRIVILEGE BY PLACING ARBITRARY PIDS INTO ITS PID FILES
This commit is contained in:
parent
98f15dac60
commit
73e1ffdc68
@ -128,8 +128,9 @@ esac
|
|||||||
|
|
||||||
parse_server_arguments() {
|
parse_server_arguments() {
|
||||||
for arg do
|
for arg do
|
||||||
|
val=`echo "$arg" | sed -e 's/^[^=]*=//'`
|
||||||
case "$arg" in
|
case "$arg" in
|
||||||
--basedir=*) basedir=`echo "$arg" | sed -e 's/^[^=]*=//'`
|
--basedir=*) basedir="$val"
|
||||||
bindir="$basedir/bin"
|
bindir="$basedir/bin"
|
||||||
if test -z "$datadir_set"; then
|
if test -z "$datadir_set"; then
|
||||||
datadir="$basedir/data"
|
datadir="$basedir/data"
|
||||||
@ -143,14 +144,15 @@ parse_server_arguments() {
|
|||||||
fi
|
fi
|
||||||
libexecdir="$basedir/libexec"
|
libexecdir="$basedir/libexec"
|
||||||
;;
|
;;
|
||||||
--datadir=*) datadir=`echo "$arg" | sed -e 's/^[^=]*=//'`
|
--datadir=*) datadir="$val"
|
||||||
datadir_set=1
|
datadir_set=1
|
||||||
;;
|
;;
|
||||||
--log-basename=*|--hostname=*|--loose-log-basename=*)
|
--log-basename=*|--hostname=*|--loose-log-basename=*)
|
||||||
mysqld_pid_file_path=`echo "$arg.pid" | sed -e 's/^[^=]*=//'`
|
mysqld_pid_file_path="$val.pid"
|
||||||
;;
|
;;
|
||||||
--pid-file=*) mysqld_pid_file_path=`echo "$arg" | sed -e 's/^[^=]*=//'` ;;
|
--pid-file=*) mysqld_pid_file_path="$val" ;;
|
||||||
--service-startup-timeout=*) service_startup_timeout=`echo "$arg" | sed -e 's/^[^=]*=//'` ;;
|
--service-startup-timeout=*) service_startup_timeout="$val" ;;
|
||||||
|
--user=*) user="$val"; ;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -182,6 +184,12 @@ else
|
|||||||
test -z "$print_defaults" && print_defaults="my_print_defaults"
|
test -z "$print_defaults" && print_defaults="my_print_defaults"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
user='@MYSQLD_USER@'
|
||||||
|
|
||||||
|
su_kill() {
|
||||||
|
su - $user -s /bin/sh -c "kill $*" >/dev/null 2>&1
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Read defaults file from 'basedir'. If there is no defaults file there
|
# Read defaults file from 'basedir'. If there is no defaults file there
|
||||||
# check if it's in the old (depricated) place (datadir) and read it from there
|
# check if it's in the old (depricated) place (datadir) and read it from there
|
||||||
@ -210,7 +218,7 @@ wait_for_gone () {
|
|||||||
|
|
||||||
while test $i -ne $service_startup_timeout ; do
|
while test $i -ne $service_startup_timeout ; do
|
||||||
|
|
||||||
if kill -0 "$pid" 2>/dev/null; then
|
if su_kill -0 "$pid" ; then
|
||||||
: # the server still runs
|
: # the server still runs
|
||||||
else
|
else
|
||||||
if test ! -s "$pid_file_path"; then
|
if test ! -s "$pid_file_path"; then
|
||||||
@ -250,7 +258,7 @@ wait_for_ready () {
|
|||||||
if $bindir/mysqladmin ping >/dev/null 2>&1; then
|
if $bindir/mysqladmin ping >/dev/null 2>&1; then
|
||||||
log_success_msg
|
log_success_msg
|
||||||
return 0
|
return 0
|
||||||
elif kill -0 $! 2>/dev/null ; then
|
elif kill -0 $! ; then
|
||||||
: # mysqld_safe is still running
|
: # mysqld_safe is still running
|
||||||
else
|
else
|
||||||
# mysqld_safe is no longer running, abort the wait loop
|
# mysqld_safe is no longer running, abort the wait loop
|
||||||
@ -319,10 +327,9 @@ case "$mode" in
|
|||||||
then
|
then
|
||||||
mysqld_pid=`cat "$mysqld_pid_file_path"`
|
mysqld_pid=`cat "$mysqld_pid_file_path"`
|
||||||
|
|
||||||
if (kill -0 $mysqld_pid 2>/dev/null)
|
if su_kill -0 $mysqld_pid ; then
|
||||||
then
|
|
||||||
echo $echo_n "Shutting down MariaDB"
|
echo $echo_n "Shutting down MariaDB"
|
||||||
kill $mysqld_pid
|
su_kill $mysqld_pid
|
||||||
# mysqld should remove the pid file when it exits, so wait for it.
|
# mysqld should remove the pid file when it exits, so wait for it.
|
||||||
wait_for_gone $mysqld_pid "$mysqld_pid_file_path"; return_value=$?
|
wait_for_gone $mysqld_pid "$mysqld_pid_file_path"; return_value=$?
|
||||||
else
|
else
|
||||||
@ -355,7 +362,7 @@ case "$mode" in
|
|||||||
'reload'|'force-reload')
|
'reload'|'force-reload')
|
||||||
if test -s "$mysqld_pid_file_path" ; then
|
if test -s "$mysqld_pid_file_path" ; then
|
||||||
read mysqld_pid < "$mysqld_pid_file_path"
|
read mysqld_pid < "$mysqld_pid_file_path"
|
||||||
kill -HUP $mysqld_pid && log_success_msg "Reloading service MariaDB"
|
su_kill -HUP $mysqld_pid && log_success_msg "Reloading service MariaDB"
|
||||||
touch "$mysqld_pid_file_path"
|
touch "$mysqld_pid_file_path"
|
||||||
else
|
else
|
||||||
log_failure_msg "MariaDB PID file could not be found!"
|
log_failure_msg "MariaDB PID file could not be found!"
|
||||||
@ -366,7 +373,7 @@ case "$mode" in
|
|||||||
# First, check to see if pid file exists
|
# First, check to see if pid file exists
|
||||||
if test -s "$mysqld_pid_file_path" ; then
|
if test -s "$mysqld_pid_file_path" ; then
|
||||||
read mysqld_pid < "$mysqld_pid_file_path"
|
read mysqld_pid < "$mysqld_pid_file_path"
|
||||||
if kill -0 $mysqld_pid 2>/dev/null ; then
|
if su_kill -0 $mysqld_pid ; then
|
||||||
log_success_msg "MariaDB running ($mysqld_pid)"
|
log_success_msg "MariaDB running ($mysqld_pid)"
|
||||||
exit 0
|
exit 0
|
||||||
else
|
else
|
||||||
|
Loading…
x
Reference in New Issue
Block a user