Skip to content
Permalink
Browse files
MDEV-8743: fopen mode e (glibc only) to prevent galera SST scripts ac…
…cessing server files

For RemoteDatafile::read_link_file and buffer poool dumps

Note: STR_O_CLOEXEC needs to be at the end of the fopen otherwise
fopen will return EINVAL.
  • Loading branch information
grooverdan committed Mar 5, 2018
1 parent 5cf0662 commit 0a63c91
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 3 deletions.
@@ -591,6 +591,11 @@ typedef SOCKET_SIZE_TYPE size_socket;
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
#ifdef __GLIBC__
#define STR_O_CLOEXEC "e"
#else
#define STR_O_CLOEXEC ""
#endif
#ifndef SOCK_CLOEXEC
#define SOCK_CLOEXEC 0
#endif
@@ -275,7 +275,7 @@ buf_dump(
buf_dump_status(STATUS_INFO, "Dumping buffer pool(s) to %s",
full_filename);

f = fopen(tmp_filename, "w");
f = fopen(tmp_filename, "w" STR_O_CLOEXEC);
if (f == NULL) {
buf_dump_status(STATUS_ERR,
"Cannot open '%s' for writing: %s",
@@ -516,7 +516,7 @@ buf_load()
buf_load_status(STATUS_INFO,
"Loading buffer pool(s) from %s", full_filename);

f = fopen(full_filename, "r");
f = fopen(full_filename, "r" STR_O_CLOEXEC);
if (f == NULL) {
buf_load_status(STATUS_INFO,
"Cannot open '%s' for reading: %s",
@@ -1043,7 +1043,7 @@ char*
RemoteDatafile::read_link_file(
const char* link_filepath)
{
FILE* file = fopen(link_filepath, "r+b");
FILE* file = fopen(link_filepath, "r+b" STR_O_CLOEXEC);
if (file == NULL) {
return(NULL);
}

0 comments on commit 0a63c91

Please sign in to comment.