Bug#18628 mysql-test-run: security problem(part1)

  mtr_add_arg($args, "%s--basedir=%s", $prefix, $path_my_basedir);

  mtr_add_arg($args, "%s--character-sets-dir=%s", $prefix, $path_charsetsdir);

  if ( $mysql_version_id >= 50036)

  {

    # Prevent the started mysqld to access files outside of vardir

    mtr_add_arg($args, "%s--secure-file-priv=%s", $prefix, $opt_vardir);

  }

  if ( $mysql_version_id >= 50000 )

  {

    mtr_add_arg($args, "%s--log-bin-trust-function-creators", $prefix);

a	b	c

10	NULL	Ten

15	NULL	Fifteen

show variables like "secure_file_pri%";

Variable_name	Value

secure_file_priv	MYSQLTEST_VARDIR/

select @@secure_file_priv;

@@secure_file_priv

MYSQLTEST_VARDIR/

set @@secure_file_priv= 0;

ERROR HY000: Variable 'secure_file_priv' is a read only variable

truncate table t1;

load data infile 'MYSQL_TEST_DIR/Makefile' into table t1;

ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement

select * from t1;

a	b	c

select load_file("MYSQL_TEST_DIR/Makefile");

load_file("MYSQL_TEST_DIR/Makefile")

NULL

drop table t1, t2;

show status like "Qcache_queries_in_cache";

Variable_name	Value

Qcache_queries_in_cache	1

load data infile 'TEST_DIR/std_data/words.dat' into table t1;

load data infile 'MYSQLTEST_VARDIR/std_data_ln/words.dat' into table t1;

show status like "Qcache_queries_in_cache";

Variable_name	Value

Qcache_queries_in_cache	0

Warning	1101	BLOB/TEXT column 'imagem' can't have a default value

insert into t1 (id) values (1);

select

charset(load_file('../../std_data/words.dat')),

collation(load_file('../../std_data/words.dat')),

coercibility(load_file('../../std_data/words.dat'));

charset(load_file('../../std_data/words.dat'))	collation(load_file('../../std_data/words.dat'))	coercibility(load_file('../../std_data/words.dat'))

charset(load_file('../std_data_ln/words.dat')),

collation(load_file('../std_data_ln/words.dat')),

coercibility(load_file('../std_data_ln/words.dat'));

charset(load_file('../std_data_ln/words.dat'))	collation(load_file('../std_data_ln/words.dat'))	coercibility(load_file('../std_data_ln/words.dat'))

binary	binary	4

explain extended select

charset(load_file('../../std_data/words.dat')),

collation(load_file('../../std_data/words.dat')),

coercibility(load_file('../../std_data/words.dat'));

charset(load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat')),

collation(load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat')),

coercibility(load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat'));

id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra

1	SIMPLE	NULL	NULL	NULL	NULL	NULL	NULL	NULL	No tables used

Warnings:

Note	1003	select charset(load_file(_latin1'../../std_data/words.dat')) AS `charset(load_file('../../std_data/words.dat'))`,collation(load_file(_latin1'../../std_data/words.dat')) AS `collation(load_file('../../std_data/words.dat'))`,coercibility(load_file(_latin1'../../std_data/words.dat')) AS `coercibility(load_file('../../std_data/words.dat'))`

update t1 set imagem=load_file('../../std_data/words.dat') where id=1;

Note	1003	select charset(load_file(_latin1'MYSQLTEST_VARDIR/std_data_ln/words.dat')) AS `charset(load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat'))`,collation(load_file(_latin1'MYSQLTEST_VARDIR/std_data_ln/words.dat')) AS `collation(load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat'))`,coercibility(load_file(_latin1'MYSQLTEST_VARDIR/std_data_ln/words.dat')) AS `coercibility(load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat'))`

update t1 set imagem=load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat') where id=1;

select if(imagem is null, "ERROR", "OK"),length(imagem) from t1 where id = 1;

if(imagem is null, "ERROR", "OK")	length(imagem)

OK	581

drop table t1;

create table t1 select load_file('../../std_data/words.dat') l;

create table t1 select load_file('MYSQLTEST_VARDIR/std_data_ln/words.dat') l;

show full fields from t1;

Field	Type	Collation	Null	Key	Default	Extra	Privileges	Comment

l	longblob	NULL	YES		NULL		#