Make sure the EDITOR does not have access to the mysql socket

Geir Hauge 2012-12-11 13:41:48 +00:00
parent dc6b93166b
commit 3c39c277bd
1 changed files with 45 additions and 12 deletions


@ -376,7 +376,6 @@ editperm(MYSQL *pmysql, const char *db)
char fn[] = "/tmp/mysql-dbadm.tmp.XXXXXX"; char fn[] = "/tmp/mysql-dbadm.tmp.XXXXXX";
FILE *f; FILE *f;
char *editor; char *editor;
char cmd[1024]; /* shell command for editing the file */
char line[1024]; /* buffer to hold one line */ char line[1024]; /* buffer to hold one line */
char *cp; /* used to interate through a line */ char *cp; /* used to interate through a line */
char *user, *select_priv, *insert_priv, *update_priv, *delete_priv, char *user, *select_priv, *insert_priv, *update_priv, *delete_priv,
@ -386,8 +385,11 @@ editperm(MYSQL *pmysql, const char *db)
char *queries[MAX_GRANTS]; /* insert queries */ char *queries[MAX_GRANTS]; /* insert queries */
int lines; /* number of grant lines processed */ int lines; /* number of grant lines processed */
int i; /* iterate through lines[] */ int i; /* iterate through lines[] */
int fd;
pid_t pid;
int exit_status = -1;
int fd = mkstemp(fn); fd = mkstemp(fn);
if (fd == -1) if (fd == -1)
return dberror(NULL, "Cannot create a unique temporary file name."); return dberror(NULL, "Cannot create a unique temporary file name.");
@ -398,17 +400,46 @@ editperm(MYSQL *pmysql, const char *db)
writeperm(f, pmysql, db); writeperm(f, pmysql, db);
fclose(f); fclose(f);
editor = getenv("EDITOR"); pid = fork();
if (!editor) if ( pid < 0 )
editor = "pico"; /* OK since editor won't be freed */ {
strcpy(cmd, editor); perror("Failed to fork");
strcat(cmd, " "); exit(2);
strcat(cmd, fn);
if (system(cmd) == -1) {
dberror(NULL, "Failed to execute '%s'\n", cmd);
perror("system");
return 1;
} }
else if ( pid != 0 )
{
int status = 0;
while ( waitpid(pid, &status, 0) )
{
if (WIFEXITED(status))
{
exit_status = WEXITSTATUS(status);
break;
}
}
}
else
{
/* Should not have access to the mysql socket here */
if (close(pmysql->net.fd) != 0)
{
perror("Failed to close fd");
exit(1);
}
editor = getenv("EDITOR");
if (!editor)
editor = "pico"; /* OK since editor won't be freed */
execlp(editor, editor, fn, NULL);
perror("Failed to execute editor");
fprintf(stderr, "Make sure the EDITOR environment variable contains"
" a valid editor\n");
exit(1);
}
if (exit_status != 0)
return 1;
/* parse */ /* parse */
f = fopen(fn, "r"); f = fopen(fn, "r");
@ -535,6 +566,8 @@ editperm(MYSQL *pmysql, const char *db)
free(queries[i]); free(queries[i]);
} }
fprintf(stderr,"Permissions updated\n");
return 0; return 0;
} }
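Review bot: The wait loop in the parent branch (`while ( waitpid(pid, &status, 0) )`) treats a failed waitpid() as a normal return: -1 is non-zero and `status` keeps its previous value, so with the initial `status = 0` a failed first call passes `WIFEXITED`, sets `exit_status` to 0, and the temporary file is then parsed as if the editor had succeeded. If the editor is killed by a signal, `WIFEXITED` is false, every further waitpid() fails with ECHILD, and the loop spins forever. I would retry only on EINTR and accept the status only when waitpid() returned `pid`, as in the excerpt below, leaving `exit_status` at -1 otherwise (this needs `<errno.h>` if the file does not already include it). Separately, `close(pmysql->net.fd)` closes only that one descriptor, so any other descriptor open at the fork is still inherited by the editor; whether there are any is not visible here, because editperm starts and continues outside the shown hunks.

```c
else if ( pid != 0 )
{
    int status = 0;
    pid_t w;

    /* Retry only when interrupted; any other failure leaves exit_status at -1. */
    do
        w = waitpid(pid, &status, 0);
    while (w == -1 && errno == EINTR);

    /* A signal-terminated editor is not a successful edit. */
    if (w == pid && WIFEXITED(status))
        exit_status = WEXITSTATUS(status);
}
/* … unchanged: child branch (close the mysql socket, execlp the editor) … */
```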