Skip to content

Commit ac14374

Browse files
author
Arun Kuruvila
committed
Bug#24707666: DEFAULT SETTING FOR SECURE-FILE-PRIV SHOULD BE
 RESTRICTED IN ALL GA RELEASES Back port of WL#6782 to 5.5 and 5.6. This also includes back port of Bug#20771331, Bug#20741572 and Bug#20770671. Bug#24695274 and Bug#24679907 are also handled along with this.
1 parent 99c0fdb commit ac14374

29 files changed

+786
-37
lines changed

cmake/install_layout.cmake

+248-8
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
1+
# Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
22
#
33
# This program is free software; you can redistribute it and/or modify
44
# it under the terms of the GNU General Public License as published by
@@ -22,7 +22,7 @@
2222
# and relative links. Windows zip uses the same tarball layout but without
2323
# the build prefix.
2424
#
25-
# RPM
25+
# RPM, SLES
2626
# Build as per default RPM layout, with prefix=/usr
2727
# Note: The layout for ULN RPMs differs, see the "RPM" section.
2828
#
@@ -32,10 +32,22 @@
3232
# SVR4
3333
# Solaris package layout suitable for pkg* tools, prefix=/opt/mysql/mysql
3434
#
35+
# FREEBSD, GLIBC, OSX, TARGZ
36+
# Build with prefix=/usr/local/mysql, create tarball with install prefix="."
37+
# and relative links.
38+
#
39+
# WIN
40+
# Windows zip : same as tarball layout but without the build prefix
41+
#
3542
# To force a directory layout, use -DINSTALL_LAYOUT=<layout>.
3643
#
3744
# The default is STANDALONE.
3845
#
46+
# Note : At present, RPM and SLES layouts are similar. This is also true
47+
# for layouts like FREEBSD, GLIBC, OSX, TARGZ. However, they provide
48+
# opportunity to fine-tune deployment for each platform without
49+
# affecting all other types of deployment.
50+
#
3951
# There is the possibility to further fine-tune installation directories.
4052
# Several variables can be overwritten:
4153
#
@@ -60,6 +72,7 @@
6072
# - INSTALL_SUPPORTFILESDIR (various extra support files)
6173
#
6274
# - INSTALL_MYSQLDATADIR (data directory)
75+
# - INSTALL_SECURE_FILE_PRIVDIR (--secure-file-priv directory)
6376
#
6477
# When changing this page, _please_ do not forget to update public Wiki
6578
# http://forge.mysql.com/wiki/CMake#Fine-tuning_installation_paths
@@ -69,10 +82,11 @@ IF(NOT INSTALL_LAYOUT)
6982
ENDIF()
7083

7184
SET(INSTALL_LAYOUT "${DEFAULT_INSTALL_LAYOUT}"
72-
CACHE STRING "Installation directory layout. Options are: STANDALONE (as in zip or tar.gz installer), RPM, DEB, SVR4")
85+
CACHE STRING "Installation directory layout. Options are: TARGZ (as in tar.gz installer), WIN (as in zip installer), STANDALONE, RPM, DEB, SVR4, FREEBSD, GLIBC, OSX, SLES")
7386

7487
IF(UNIX)
75-
IF(INSTALL_LAYOUT MATCHES "RPM")
88+
IF(INSTALL_LAYOUT MATCHES "RPM" OR
89+
INSTALL_LAYOUT MATCHES "SLES")
7690
SET(default_prefix "/usr")
7791
ELSEIF(INSTALL_LAYOUT MATCHES "DEB")
7892
SET(default_prefix "/opt/mysql/server-${MYSQL_BASE_VERSION}")
@@ -87,7 +101,7 @@ IF(UNIX)
87101
SET(CMAKE_INSTALL_PREFIX ${default_prefix}
88102
CACHE PATH "install prefix" FORCE)
89103
ENDIF()
90-
SET(VALID_INSTALL_LAYOUTS "RPM" "STANDALONE" "DEB" "SVR4")
104+
SET(VALID_INSTALL_LAYOUTS "RPM" "DEB" "SVR4" "FREEBSD" "GLIBC" "OSX" "TARGZ" "SLES" "STANDALONE")
91105
LIST(FIND VALID_INSTALL_LAYOUTS "${INSTALL_LAYOUT}" ind)
92106
IF(ind EQUAL -1)
93107
MESSAGE(FATAL_ERROR "Invalid INSTALL_LAYOUT parameter:${INSTALL_LAYOUT}."
@@ -99,6 +113,15 @@ IF(UNIX)
99113
MARK_AS_ADVANCED(SYSCONFDIR)
100114
ENDIF()
101115

116+
IF(WIN32)
117+
SET(VALID_INSTALL_LAYOUTS "TARGZ" "STANDALONE" "WIN")
118+
LIST(FIND VALID_INSTALL_LAYOUTS "${INSTALL_LAYOUT}" ind)
119+
IF(ind EQUAL -1)
120+
MESSAGE(FATAL_ERROR "Invalid INSTALL_LAYOUT parameter:${INSTALL_LAYOUT}."
121+
" Choose between ${VALID_INSTALL_LAYOUTS}" )
122+
ENDIF()
123+
ENDIF()
124+
102125
#
103126
# plugin_tests's value should not be used by imported plugins,
104127
# just use if(INSTALL_PLUGINTESTDIR).
@@ -109,6 +132,22 @@ FILE(GLOB plugin_tests
109132
${CMAKE_SOURCE_DIR}/internal/plugin/*/tests
110133
)
111134

135+
#
136+
# DEFAULT_SECURE_FILE_PRIV_DIR/DEFAULT_SECURE_FILE_PRIV_EMBEDDED_DIR
137+
#
138+
IF(INSTALL_LAYOUT MATCHES "STANDALONE" OR
139+
INSTALL_LAYOUT MATCHES "WIN")
140+
SET(secure_file_priv_path "NULL")
141+
ELSEIF(INSTALL_LAYOUT MATCHES "RPM" OR
142+
INSTALL_LAYOUT MATCHES "SLES" OR
143+
INSTALL_LAYOUT MATCHES "SVR4" OR
144+
INSTALL_LAYOUT MATCHES "DEB")
145+
SET(secure_file_priv_path "/var/lib/mysql-files")
146+
ELSE()
147+
SET(secure_file_priv_path "${default_prefix}/mysql-files")
148+
ENDIF()
149+
SET(secure_file_priv_embedded_path "NULL")
150+
112151
#
113152
# STANDALONE layout
114153
#
@@ -134,6 +173,148 @@ SET(INSTALL_SUPPORTFILESDIR_STANDALONE "support-files")
134173
#
135174
SET(INSTALL_MYSQLDATADIR_STANDALONE "data")
136175
SET(INSTALL_PLUGINTESTDIR_STANDALONE ${plugin_tests})
176+
SET(INSTALL_SECURE_FILE_PRIVDIR_STANDALONE ${secure_file_priv_path})
177+
SET(INSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR_STANDALONE ${secure_file_priv_embedded_path})
178+
179+
#
180+
# WIN layout
181+
#
182+
SET(INSTALL_BINDIR_WIN "bin")
183+
SET(INSTALL_SBINDIR_WIN "bin")
184+
SET(INSTALL_SCRIPTDIR_WIN "scripts")
185+
#
186+
SET(INSTALL_LIBDIR_WIN "lib")
187+
SET(INSTALL_PLUGINDIR_WIN "lib/plugin")
188+
#
189+
SET(INSTALL_INCLUDEDIR_WIN "include")
190+
#
191+
SET(INSTALL_DOCDIR_WIN "docs")
192+
SET(INSTALL_DOCREADMEDIR_WIN ".")
193+
SET(INSTALL_MANDIR_WIN "man")
194+
SET(INSTALL_INFODIR_WIN "docs")
195+
#
196+
SET(INSTALL_SHAREDIR_WIN "share")
197+
SET(INSTALL_MYSQLSHAREDIR_WIN "share")
198+
SET(INSTALL_MYSQLTESTDIR_WIN "mysql-test")
199+
SET(INSTALL_SQLBENCHDIR_WIN ".")
200+
SET(INSTALL_SUPPORTFILESDIR_WIN "support-files")
201+
#
202+
SET(INSTALL_MYSQLDATADIR_WIN "data")
203+
SET(INSTALL_PLUGINTESTDIR_WIN ${plugin_tests})
204+
SET(INSTALL_SECURE_FILE_PRIVDIR_WIN ${secure_file_priv_path})
205+
SET(INSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR_WIN ${secure_file_priv_embedded_path})
206+
207+
#
208+
# FREEBSD layout
209+
#
210+
SET(INSTALL_BINDIR_FREEBSD "bin")
211+
SET(INSTALL_SBINDIR_FREEBSD "bin")
212+
SET(INSTALL_SCRIPTDIR_FREEBSD "scripts")
213+
#
214+
SET(INSTALL_LIBDIR_FREEBSD "lib")
215+
SET(INSTALL_PLUGINDIR_FREEBSD "lib/plugin")
216+
#
217+
SET(INSTALL_INCLUDEDIR_FREEBSD "include")
218+
#
219+
SET(INSTALL_DOCDIR_FREEBSD "docs")
220+
SET(INSTALL_DOCREADMEDIR_FREEBSD ".")
221+
SET(INSTALL_MANDIR_FREEBSD "man")
222+
SET(INSTALL_INFODIR_FREEBSD "docs")
223+
#
224+
SET(INSTALL_SHAREDIR_FREEBSD "share")
225+
SET(INSTALL_MYSQLSHAREDIR_FREEBSD "share")
226+
SET(INSTALL_MYSQLTESTDIR_FREEBSD "mysql-test")
227+
SET(INSTALL_SQLBENCHDIR_FREEBSD ".")
228+
SET(INSTALL_SUPPORTFILESDIR_FREEBSD "support-files")
229+
#
230+
SET(INSTALL_MYSQLDATADIR_FREEBSD "data")
231+
SET(INSTALL_PLUGINTESTDIR_FREEBSD ${plugin_tests})
232+
SET(INSTALL_SECURE_FILE_PRIVDIR_FREEBSD ${secure_file_priv_path})
233+
SET(INSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR_FREEBSD ${secure_file_priv_embedded_path})
234+
235+
#
236+
# GLIBC layout
237+
#
238+
SET(INSTALL_BINDIR_GLIBC "bin")
239+
SET(INSTALL_SBINDIR_GLIBC "bin")
240+
SET(INSTALL_SCRIPTDIR_GLIBC "scripts")
241+
#
242+
SET(INSTALL_LIBDIR_GLIBC "lib")
243+
SET(INSTALL_PLUGINDIR_GLIBC "lib/plugin")
244+
#
245+
SET(INSTALL_INCLUDEDIR_GLIBC "include")
246+
#
247+
SET(INSTALL_DOCDIR_GLIBC "docs")
248+
SET(INSTALL_DOCREADMEDIR_GLIBC ".")
249+
SET(INSTALL_MANDIR_GLIBC "man")
250+
SET(INSTALL_INFODIR_GLIBC "docs")
251+
#
252+
SET(INSTALL_SHAREDIR_GLIBC "share")
253+
SET(INSTALL_MYSQLSHAREDIR_GLIBC "share")
254+
SET(INSTALL_MYSQLTESTDIR_GLIBC "mysql-test")
255+
SET(INSTALL_SQLBENCHDIR_GLIBC ".")
256+
SET(INSTALL_SUPPORTFILESDIR_GLIBC "support-files")
257+
#
258+
SET(INSTALL_MYSQLDATADIR_GLIBC "data")
259+
SET(INSTALL_PLUGINTESTDIR_GLIBC ${plugin_tests})
260+
SET(INSTALL_SECURE_FILE_PRIVDIR_GLIBC ${secure_file_priv_path})
261+
SET(INSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR_GLIBC ${secure_file_priv_embedded_path})
262+
263+
#
264+
# OSX layout
265+
#
266+
SET(INSTALL_BINDIR_OSX "bin")
267+
SET(INSTALL_SBINDIR_OSX "bin")
268+
SET(INSTALL_SCRIPTDIR_OSX "scripts")
269+
#
270+
SET(INSTALL_LIBDIR_OSX "lib")
271+
SET(INSTALL_PLUGINDIR_OSX "lib/plugin")
272+
#
273+
SET(INSTALL_INCLUDEDIR_OSX "include")
274+
#
275+
SET(INSTALL_DOCDIR_OSX "docs")
276+
SET(INSTALL_DOCREADMEDIR_OSX ".")
277+
SET(INSTALL_MANDIR_OSX "man")
278+
SET(INSTALL_INFODIR_OSX "docs")
279+
#
280+
SET(INSTALL_SHAREDIR_OSX "share")
281+
SET(INSTALL_MYSQLSHAREDIR_OSX "share")
282+
SET(INSTALL_MYSQLTESTDIR_OSX "mysql-test")
283+
SET(INSTALL_SQLBENCHDIR_OSX ".")
284+
SET(INSTALL_SUPPORTFILESDIR_OSX "support-files")
285+
#
286+
SET(INSTALL_MYSQLDATADIR_OSX "data")
287+
SET(INSTALL_PLUGINTESTDIR_OSX ${plugin_tests})
288+
SET(INSTALL_SECURE_FILE_PRIVDIR_OSX ${secure_file_priv_path})
289+
SET(INSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR_OSX ${secure_file_priv_embedded_path})
290+
291+
#
292+
# TARGZ layout
293+
#
294+
SET(INSTALL_BINDIR_TARGZ "bin")
295+
SET(INSTALL_SBINDIR_TARGZ "bin")
296+
SET(INSTALL_SCRIPTDIR_TARGZ "scripts")
297+
#
298+
SET(INSTALL_LIBDIR_TARGZ "lib")
299+
SET(INSTALL_PLUGINDIR_TARGZ "lib/plugin")
300+
#
301+
SET(INSTALL_INCLUDEDIR_TARGZ "include")
302+
#
303+
SET(INSTALL_DOCDIR_TARGZ "docs")
304+
SET(INSTALL_DOCREADMEDIR_TARGZ ".")
305+
SET(INSTALL_MANDIR_TARGZ "man")
306+
SET(INSTALL_INFODIR_TARGZ "docs")
307+
#
308+
SET(INSTALL_SHAREDIR_TARGZ "share")
309+
SET(INSTALL_MYSQLSHAREDIR_TARGZ "share")
310+
SET(INSTALL_MYSQLTESTDIR_TARGZ "mysql-test")
311+
SET(INSTALL_SQLBENCHDIR_TARGZ ".")
312+
SET(INSTALL_SUPPORTFILESDIR_TARGZ "support-files")
313+
#
314+
SET(INSTALL_MYSQLDATADIR_TARGZ "data")
315+
SET(INSTALL_PLUGINTESTDIR_TARGZ ${plugin_tests})
316+
SET(INSTALL_SECURE_FILE_PRIVDIR_TARGZ ${secure_file_priv_path})
317+
SET(INSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR_TARGZ ${secure_file_priv_embedded_path})
137318

138319
#
139320
# RPM layout
@@ -169,6 +350,41 @@ SET(INSTALL_SUPPORTFILESDIR_RPM "share/mysql")
169350
#
170351
SET(INSTALL_MYSQLDATADIR_RPM "/var/lib/mysql")
171352
SET(INSTALL_PLUGINTESTDIR_RPM ${plugin_tests})
353+
SET(INSTALL_SECURE_FILE_PRIVDIR_RPM ${secure_file_priv_path})
354+
SET(INSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR_RPM ${secure_file_priv_embedded_path})
355+
356+
#
357+
# SLES layout
358+
#
359+
SET(INSTALL_BINDIR_SLES "bin")
360+
SET(INSTALL_SBINDIR_SLES "sbin")
361+
SET(INSTALL_SCRIPTDIR_SLES "bin")
362+
#
363+
IF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64")
364+
SET(INSTALL_LIBDIR_SLES "lib64")
365+
SET(INSTALL_PLUGINDIR_SLES "lib64/mysql/plugin")
366+
ELSE()
367+
SET(INSTALL_LIBDIR_SLES "lib")
368+
SET(INSTALL_PLUGINDIR_SLES "lib/mysql/plugin")
369+
ENDIF()
370+
#
371+
SET(INSTALL_INCLUDEDIR_SLES "include/mysql")
372+
#
373+
#SET(INSTALL_DOCDIR_SLES unset - installed directly by SLES)
374+
#SET(INSTALL_DOCREADMEDIR_SLES unset - installed directly by SLES)
375+
SET(INSTALL_INFODIR_SLES "share/info")
376+
SET(INSTALL_MANDIR_SLES "share/man")
377+
#
378+
SET(INSTALL_SHAREDIR_SLES "share")
379+
SET(INSTALL_MYSQLSHAREDIR_SLES "share/mysql")
380+
SET(INSTALL_MYSQLTESTDIR_SLES "share/mysql-test")
381+
SET(INSTALL_SQLBENCHDIR_SLES "")
382+
SET(INSTALL_SUPPORTFILESDIR_SLES "share/mysql")
383+
#
384+
SET(INSTALL_MYSQLDATADIR_SLES "/var/lib/mysql")
385+
SET(INSTALL_PLUGINTESTDIR_SLES ${plugin_tests})
386+
SET(INSTALL_SECURE_FILE_PRIVDIR_SLES ${secure_file_priv_path})
387+
SET(INSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR_SLES ${secure_file_priv_embedded_path})
172388

173389
#
174390
# DEB layout
@@ -193,8 +409,10 @@ SET(INSTALL_MYSQLTESTDIR_DEB "mysql-test")
193409
SET(INSTALL_SQLBENCHDIR_DEB ".")
194410
SET(INSTALL_SUPPORTFILESDIR_DEB "support-files")
195411
#
196-
SET(INSTALL_MYSQLDATADIR_DEB "data")
412+
SET(INSTALL_MYSQLDATADIR_DEB "/var/lib/mysql")
197413
SET(INSTALL_PLUGINTESTDIR_DEB ${plugin_tests})
414+
SET(INSTALL_SECURE_FILE_PRIVDIR_DEB ${secure_file_priv_path})
415+
SET(INSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR_DEB ${secure_file_priv_embedded_path})
198416

199417
#
200418
# SVR4 layout
@@ -221,7 +439,8 @@ SET(INSTALL_SUPPORTFILESDIR_SVR4 "support-files")
221439
#
222440
SET(INSTALL_MYSQLDATADIR_SVR4 "/var/lib/mysql")
223441
SET(INSTALL_PLUGINTESTDIR_SVR4 ${plugin_tests})
224-
442+
SET(INSTALL_SECURE_FILE_PRIVDIR_SVR4 ${secure_file_priv_path})
443+
SET(INSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR_SVR4 ${secure_file_priv_embedded_path})
225444

226445
# Clear cached variables if install layout was changed
227446
IF(OLD_INSTALL_LAYOUT)
@@ -235,8 +454,29 @@ SET(OLD_INSTALL_LAYOUT ${INSTALL_LAYOUT} CACHE INTERNAL "")
235454
# will be defined as ${INSTALL_BINDIR_STANDALONE} by default if STANDALONE
236455
# layout is chosen)
237456
FOREACH(var BIN SBIN LIB MYSQLSHARE SHARE PLUGIN INCLUDE SCRIPT DOC MAN
238-
INFO MYSQLTEST SQLBENCH DOCREADME SUPPORTFILES MYSQLDATA PLUGINTEST)
457+
INFO MYSQLTEST SQLBENCH DOCREADME SUPPORTFILES MYSQLDATA PLUGINTEST
458+
SECURE_FILE_PRIV SECURE_FILE_PRIV_EMBEDDED)
239459
SET(INSTALL_${var}DIR ${INSTALL_${var}DIR_${INSTALL_LAYOUT}}
240460
CACHE STRING "${var} installation directory" ${FORCE})
241461
MARK_AS_ADVANCED(INSTALL_${var}DIR)
242462
ENDFOREACH()
463+
464+
#
465+
# Set DEFAULT_SECURE_FILE_PRIV_DIR
466+
# This is used as default value for --secure-file-priv
467+
#
468+
IF(INSTALL_SECURE_FILE_PRIVDIR)
469+
SET(DEFAULT_SECURE_FILE_PRIV_DIR "\"${INSTALL_SECURE_FILE_PRIVDIR}\""
470+
CACHE INTERNAL "default --secure-file-priv directory" FORCE)
471+
ELSE()
472+
SET(DEFAULT_SECURE_FILE_PRIV_DIR \"\"
473+
CACHE INTERNAL "default --secure-file-priv directory" FORCE)
474+
ENDIF()
475+
476+
IF(INSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR)
477+
SET(DEFAULT_SECURE_FILE_PRIV_EMBEDDED_DIR "\"${INSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR}\""
478+
CACHE INTERNAL "default --secure-file-priv directory (for embedded library)" FORCE)
479+
ELSE()
480+
SET(DEFAULT_SECURE_FILE_PRIV_EMBEDDED_DIR "NULL"
481+
CACHE INTERNAL "default --secure-file-priv directory (for embedded library)" FORCE)
482+
ENDIF()

config.h.cmake

+4
Original file line numberDiff line numberDiff line change
@@ -624,4 +624,8 @@
624624
#cmakedefine SIZEOF_TIME_T @SIZEOF_TIME_T@
625625
#cmakedefine TIME_T_UNSIGNED @TIME_T_UNSIGNED@
626626

627+
/* For --secure-file-priv */
628+
#cmakedefine DEFAULT_SECURE_FILE_PRIV_DIR @DEFAULT_SECURE_FILE_PRIV_DIR@
629+
#cmakedefine DEFAULT_SECURE_FILE_PRIV_EMBEDDED_DIR @DEFAULT_SECURE_FILE_PRIV_EMBEDDED_DIR@
630+
627631
#endif

mysql-test/include/mtr_warnings.sql

+6-1
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
-- Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
1+
-- Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
22
--
33
-- This program is free software; you can redistribute it and/or modify
44
-- it under the terms of the GNU General Public License as published by
@@ -204,6 +204,11 @@ INSERT INTO global_suppressions VALUES
204204
*/
205205
("Found lock of type 6 that is write and read locked"),
206206

207+
/*
208+
Warnings related to --secure-file-priv
209+
*/
210+
("Insecure configuration for --secure-file-priv:*"),
211+
207212
("THE_LAST_SUPPRESSION")||
208213

209214

mysql-test/include/mysqld--help.inc

+2-1
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,8 @@ perl;
1818
# their paths may vary:
1919
@skipvars=qw/basedir open-files-limit general-log-file log plugin-dir
2020
log-slow-queries pid-file slow-query-log-file
21-
datadir slave-load-tmpdir tmpdir socket/;
21+
datadir slave-load-tmpdir tmpdir socket
22+
secure-file-priv/;
2223

2324
# Plugins which may or may not be there:
2425
@plugins=qw/innodb ndb archive blackhole federated partition ndbcluster debug temp-pool ssl des-key-file

0 commit comments

Comments
 (0)