18 Commits

Author SHA1 Message Date
Shishir Jaiswal
788fb5bf67 Bug#25043674 - MYSQLACCESS SCRIPT LOADS AND EXECUTES CODE
FROM THE CURRENT DIRECTORY

DESCRIPTION
===========
When 'mysqlaccess' tool is run, it reads (and executes) the
content of its configuration file 'mysqlaccess.conf' from
the current directory. This is not a recommended behaviour
as someone with ill intentions can insert malicious
instructions into this file which could be executed
whenever this tool is run.

ANALYSIS
========
The configuration file is presently looked for, in the
following folders (in given order):
1. Current directory
2. SYSCONFDIR       //This gets expanded
3. /etc/

Owing to the reasons mentioned above, we should not permit
the file to be in the current directory. Since the other
two folders are assumed to be accessible only to authorized
people, the config file is safe to be read from there.

FIX
===
Modified the script so that it looks for the config file
now in the following two folders (in the given order):
1. SYSCONFDIR
2. /etc/

If it's absent from above locations but present in current
directory, an error is thrown asking the user to move the
file to one of the above locations and retry.

NOTE
====
The location paths and their precedence are not documented
for this tool. It needs to be noted as part of the
associated documentation.
2017-04-17 12:04:14 +05:30
Terje Rosten
5d4cfb30e5 BUG#25719975 SHEBANG HARD CODED AS /USR/BIN/PERL IN SCRIPTS, BREAKS ON FREEBSD
Use cmake variable to adjust shebang to platform.
2017-03-28 13:22:32 +02:00
Murthy Narkedimilli
496abd0814 Updated/added copyright headers 2014-01-06 10:52:35 +05:30
Kent Boortz
a5eccbc33a Bug#29716 : Bug#11746921 : MYSQL_INSTALL_DB REFERS TO THE (OBSOLETE) MYSQLBUG SCRIPT DURING INSTALLATION
Bug#68742 : Bug#16530527 : OBSOLETE BUGREPORT ADDRESSES
2013-12-14 13:05:36 +01:00
Kent Boortz
e5ce023f57 Updated/added copyright headers 2011-06-30 17:31:31 +02:00
Kent Boortz
fddb1f1b13 - Added/updated copyright headers
- Removed files specific to compiling on OS/2
- Removed files specific to SCO Unix packaging
- Removed "libmysqld/copyright", text is included in documentation
- Removed LaTeX headers for NDB Doxygen documentation
- Removed obsolete NDB files
- Removed "mkisofs" binaries
- Removed the "cvs2cl.pl" script
- Changed a few GPL texts to use "program" instead of "library"
2010-12-28 19:57:23 +01:00
Kent Boortz
48e7641f69 Use /usr/bin/perl as standard Perl install path (bug#44643) 2009-05-09 23:43:48 +02:00
df@kahlann.erinye.com
eeb82a8ed5 BUG#24780 workaround for broken installations that depend on using /etc, but were configured differently 2007-01-09 09:32:56 +01:00
df@kahlann.erinye.com
77965c013c BUG#24780 use --sysconfdir in scripts 2006-12-07 15:02:32 +01:00
serg@serg.mylan
ec9f0ef1ca Merge serg.mylan:/usr/home/serg/Abk/mysql-4.0
into serg.mylan:/usr/home/serg/Abk/mysql-4.1
2005-01-13 11:12:00 +01:00
serg@serg.mylan
1d33747d3a Symlink vulnerability fixed.
reported by Javier Fernandez-Sanguino Pena
and Debian Security Audit Team (http://www.debian.org/security/audit)
2005-01-12 23:30:54 +01:00
monty@mysql.com
f602829c75 Fix to get correct metadata when using temporary tables to create result. (Bug #2654) 2004-03-30 19:24:28 +03:00
lenz@mysql.com
12fb40460b - Rephrased two option help texts to not start with "use the ..." as this
confuses RPM's Perl module dependency checking (it adds a bogus
   requirement to "Perl(the)", as "use" is a Perl keyword). (BUG#1931)
2003-11-24 17:05:24 +01:00
lenz@mysql.com
1454f35640 - Yves mail address does not seem to be valid anymore - changed mail
address to report bugs to bugs@mysql.com (thanks to Christian Hammers
   for pointing this out) - please merge this into all other trees!
2003-02-05 11:49:51 +01:00
lenz@mysql.com
c0ed25283f - Applied various patches provided by Christian Hammers (MySQL maintainer
for the Debian project) to fix some architecture-specific problems
   and some bugs
2002-12-23 14:36:40 +01:00
monty@donna.mysql.com
b590fa2567 New benchmark test
Fixed bug in REPLACE with BDB tables
Prepare for write lock on read for BDB
Inform the handler when we want to use IGNORE / REPLACE
New manual pages
2000-12-24 15:19:00 +02:00
monty@donna.mysql.com
25106ec755 configure fixes 2000-09-14 15:10:06 +03:00
bk@work.mysql.com
f4c589ff6c Import changeset 2000-07-31 21:29:14 +02:00