Bug#25043674 - MYSQLACCESS SCRIPT LOADS AND EXECUTES CODE

Shishir Jaiswal · Shishir Jaiswal · commit 788fb5bf678e · 2017-04-17T12:04:14.000+05:30
FROM THE CURRENT DIRECTORY

DESCRIPTION
===========
When 'mysqlaccess' tool is run, it reads (and executes) the
content of its configuration file 'mysqlaccess.conf' from
the current directory. This is not a recommended behaviour
as someone with ill intentions can insert malicious
instructions into this file which could be executed
whenever this tool is run.

ANALYSIS
========
The configuration file is presently looked for, in the
following folders (in given order):
1. Current directory
2. SYSCONFDIR       //This gets expanded
3. /etc/

Owing to the reasons mentioned above, we should not permit
the file to be in the current directory. Since the other
two folders are assumed to be accessible only to authorized
people, the config file is safe to be read from there.

FIX
===
Modified the script so that it looks for the config file
now in the following two folders (in the given order):
1. SYSCONFDIR
2. /etc/

If it's absent from above locations but present in current
directory, an error is thrown asking the user to move the
file to one of the above locations and retry.

NOTE
====
The location paths and their precedence are not documented
for this tool. It needs to be noted as part of the
associated documentation.
diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl
@@ -1,7 +1,7 @@
 #!/usr/bin/perl
 # -*- cperl -*-
 
-# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -2454,6 +2454,17 @@ sub environment_setup {
                         "$basedir/storage/myisam/myisampack",
                         "$basedir/myisam/myisampack"));
 
+  # ----------------------------------------------------
+  # mysqlaccess
+  # ----------------------------------------------------
+  my $mysqlaccess=
+    mtr_pl_maybe_exists("$bindir/scripts/mysqlaccess") ||
+    mtr_pl_maybe_exists("$path_client_bindir/mysqlaccess");
+  if ($mysqlaccess)
+  {
+    $ENV{'MYSQLACCESS'}= $mysqlaccess;
+  }
+
   # ----------------------------------------------------
   # mysqlhotcopy
   # ----------------------------------------------------
diff --git a/scripts/mysqlaccess.sh b/scripts/mysqlaccess.sh
@@ -477,15 +477,22 @@ MySQLaccess::Report::Print_Header();
 # *****************************
 # Read configuration-file
   MySQLaccess::Debug::Print(1, "Reading configuration file...");
-  if (-f "./$script_conf") {
-     require "./$script_conf";
-  }
-  elsif (-f "@sysconfdir@/$script_conf") {
+  if (-f "@sysconfdir@/$script_conf") {
+     print "Configuration file '$script_conf' is found in '@sysconfdir@/'\n";
      require "@sysconfdir@/$script_conf";
   }
   elsif (-f "/etc/$script_conf") {
+     print "Configuration file '$script_conf' is found in '/etc/'\n";
      require "/etc/$script_conf";
   }
+  elsif (-f "./$script_conf") {
+     print "\nERROR! Configuration file '$script_conf' is found in the current ";
+     print "directory.\nThe permissible locations for this file are either ";
+     print "@sysconfdir@/ or /etc/\n";
+     print "Please move it to one of these locations and retry.\n\n";
+     exit 0;
+  }
+
 
 # ****************************
 # Read in all parameters
