Make sure the EDITOR does not have access to the mysql socket
This commit is contained in:
Geir Hauge
parent
dc6b93166b
commit
3c39c277bd
|
|
@ -376,7 +376,6 @@ editperm(MYSQL *pmysql, const char *db)
|
|||
char fn[] = "/tmp/mysql-dbadm.tmp.XXXXXX";
|
||||
FILE *f;
|
||||
char *editor;
|
||||
char cmd[1024]; /* shell command for editing the file */
|
||||
char line[1024]; /* buffer to hold one line */
|
||||
char *cp; /* used to interate through a line */
|
||||
char *user, *select_priv, *insert_priv, *update_priv, *delete_priv,
|
||||
|
|
@ -386,8 +385,11 @@ editperm(MYSQL *pmysql, const char *db)
|
|||
char *queries[MAX_GRANTS]; /* insert queries */
|
||||
int lines; /* number of grant lines processed */
|
||||
int i; /* iterate through lines[] */
|
||||
int fd;
|
||||
pid_t pid;
|
||||
int exit_status = -1;
|
||||
|
||||
int fd = mkstemp(fn);
|
||||
fd = mkstemp(fn);
|
||||
|
||||
if (fd == -1)
|
||||
return dberror(NULL, "Cannot create a unique temporary file name.");
|
||||
|
|
@ -398,17 +400,46 @@ editperm(MYSQL *pmysql, const char *db)
|
|||
writeperm(f, pmysql, db);
|
||||
fclose(f);
|
||||
|
||||
editor = getenv("EDITOR");
|
||||
if (!editor)
|
||||
editor = "pico"; /* OK since editor won't be freed */
|
||||
strcpy(cmd, editor);
|
||||
strcat(cmd, " ");
|
||||
strcat(cmd, fn);
|
||||
if (system(cmd) == -1) {
|
||||
dberror(NULL, "Failed to execute '%s'\n", cmd);
|
||||
perror("system");
|
||||
return 1;
|
||||
pid = fork();
|
||||
if ( pid < 0 )
|
||||
{
|
||||
perror("Failed to fork");
|
||||
exit(2);
|
||||
}
|
||||
else if ( pid != 0 )
|
||||
{
|
||||
int status = 0;
|
||||
while ( waitpid(pid, &status, 0) )
|
||||
{
|
||||
if (WIFEXITED(status))
|
||||
{
|
||||
exit_status = WEXITSTATUS(status);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Should not have access to the mysql socket here */
|
||||
if (close(pmysql->net.fd) != 0)
|
||||
{
|
||||
perror("Failed to close fd");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
editor = getenv("EDITOR");
|
||||
if (!editor)
|
||||
editor = "pico"; /* OK since editor won't be freed */
|
||||
|
||||
execlp(editor, editor, fn, NULL);
|
||||
perror("Failed to execute editor");
|
||||
fprintf(stderr, "Make sure the EDITOR environment variable contains"
|
||||
" a valid editor\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (exit_status != 0)
|
||||
return 1;
|
||||
|
||||
/* parse */
|
||||
f = fopen(fn, "r");
|
||||
|
|
@ -534,6 +565,8 @@ editperm(MYSQL *pmysql, const char *db)
|
|||
dberror(pmysql, "Failed to insert grant line %d.", i + 1);
|
||||
free(queries[i]);
|
||||
}
|
||||
|
||||
fprintf(stderr,"Permissions updated\n");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue