Skip to content

Commit 0a63c91

Browse files
committed
MDEV-8743: fopen mode e (glibc only) to prevent galera SST scripts accessing server files
For RemoteDatafile::read_link_file and buffer poool dumps Note: STR_O_CLOEXEC needs to be at the end of the fopen otherwise fopen will return EINVAL.
1 parent 5cf0662 commit 0a63c91

File tree

3 files changed

+8
-3
lines changed

3 files changed

+8
-3
lines changed

include/my_global.h

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -591,6 +591,11 @@ typedef SOCKET_SIZE_TYPE size_socket;
591591
#ifndef O_CLOEXEC
592592
#define O_CLOEXEC 0
593593
#endif
594+
#ifdef __GLIBC__
595+
#define STR_O_CLOEXEC "e"
596+
#else
597+
#define STR_O_CLOEXEC ""
598+
#endif
594599
#ifndef SOCK_CLOEXEC
595600
#define SOCK_CLOEXEC 0
596601
#endif

storage/innobase/buf/buf0dump.cc

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -275,7 +275,7 @@ buf_dump(
275275
buf_dump_status(STATUS_INFO, "Dumping buffer pool(s) to %s",
276276
full_filename);
277277

278-
f = fopen(tmp_filename, "w");
278+
f = fopen(tmp_filename, "w" STR_O_CLOEXEC);
279279
if (f == NULL) {
280280
buf_dump_status(STATUS_ERR,
281281
"Cannot open '%s' for writing: %s",
@@ -516,7 +516,7 @@ buf_load()
516516
buf_load_status(STATUS_INFO,
517517
"Loading buffer pool(s) from %s", full_filename);
518518

519-
f = fopen(full_filename, "r");
519+
f = fopen(full_filename, "r" STR_O_CLOEXEC);
520520
if (f == NULL) {
521521
buf_load_status(STATUS_INFO,
522522
"Cannot open '%s' for reading: %s",

storage/innobase/fsp/fsp0file.cc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1043,7 +1043,7 @@ char*
10431043
RemoteDatafile::read_link_file(
10441044
const char* link_filepath)
10451045
{
1046-
FILE* file = fopen(link_filepath, "r+b");
1046+
FILE* file = fopen(link_filepath, "r+b" STR_O_CLOEXEC);
10471047
if (file == NULL) {
10481048
return(NULL);
10491049
}

0 commit comments

Comments
 (0)