Make sure the EDITOR does not have access to the mysql socket

Geir Hauge 2012-12-11 13:41:48 +00:00
parent dc6b93166b
commit 3c39c277bd


@ -376,7 +376,6 @@ editperm(MYSQL *pmysql, const char *db)
char fn[] = "/tmp/mysql-dbadm.tmp.XXXXXX";
FILE *f;
char *editor;
char cmd[1024]; /* shell command for editing the file */
char line[1024]; /* buffer to hold one line */
char *cp; /* used to interate through a line */
char *user, *select_priv, *insert_priv, *update_priv, *delete_priv,
@ -386,8 +385,11 @@ editperm(MYSQL *pmysql, const char *db)
char *queries[MAX_GRANTS]; /* insert queries */
int lines; /* number of grant lines processed */
int i; /* iterate through lines[] */
int fd;
pid_t pid;
int exit_status = -1;
int fd = mkstemp(fn);
fd = mkstemp(fn);
if (fd == -1)
return dberror(NULL, "Cannot create a unique temporary file name.");
@ -398,17 +400,46 @@ editperm(MYSQL *pmysql, const char *db)
writeperm(f, pmysql, db);
fclose(f);
editor = getenv("EDITOR");
if (!editor)
editor = "pico"; /* OK since editor won't be freed */
strcpy(cmd, editor);
strcat(cmd, " ");
strcat(cmd, fn);
if (system(cmd) == -1) {
dberror(NULL, "Failed to execute '%s'\n", cmd);
perror("system");
return 1;
pid = fork();
if ( pid < 0 )
{
perror("Failed to fork");
exit(2);
}
else if ( pid != 0 )
{
int status = 0;
while ( waitpid(pid, &status, 0) )
{
if (WIFEXITED(status))
{
exit_status = WEXITSTATUS(status);
break;
}
}
}
else
{
/* Should not have access to the mysql socket here */
if (close(pmysql->net.fd) != 0)
{
perror("Failed to close fd");
exit(1);
}
editor = getenv("EDITOR");
if (!editor)
editor = "pico"; /* OK since editor won't be freed */
execlp(editor, editor, fn, NULL);
perror("Failed to execute editor");
fprintf(stderr, "Make sure the EDITOR environment variable contains"
" a valid editor\n");
exit(1);
}
if (exit_status != 0)
return 1;
/* parse */
f = fopen(fn, "r");
@ -534,6 +565,8 @@ editperm(MYSQL *pmysql, const char *db)
dberror(pmysql, "Failed to insert grant line %d.", i + 1);
free(queries[i]);
}
fprintf(stderr,"Permissions updated\n");
return 0;
}
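Review bot: The parent's wait loop, `while ( waitpid(pid, &status, 0) )`, treats every non-zero return as success, including -1, and only exits on `WIFEXITED`. If the editor is killed by a signal, the first call reaps it with `WIFEXITED` false, the next call fails with ECHILD and leaves `status` unchanged, and the loop spins forever with the temporary file and the MySQL connection still open. Retry only on EINTR and treat signal death or any other waitpid failure as a failed edit, so `exit_status` stays at -1 and the function returns 1; this needs `errno.h` if the file does not already include it. Separately, the child's error paths call `exit(1)`, which flushes stdio buffers copied from the parent and runs its atexit handlers, and `_exit(1)` avoids that. editperm starts before the first hunk, so its declarations and the code between hunks are not visible here.

```c
else if ( pid != 0 )
{
    int status = 0;
    pid_t w;

    /* Retry only when interrupted; any other failure ends the wait. */
    do
        w = waitpid(pid, &status, 0);
    while (w == -1 && errno == EINTR);

    if (w == -1)
        perror("waitpid");
    else if (WIFEXITED(status))
        exit_status = WEXITSTATUS(status);
    /* death by signal leaves exit_status at -1, so the edit is rejected */
}
/* … unchanged: child branch that closes the socket and execs the editor … */
```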