[Bug 419400] [NEW] [Karmic] MySQL security problem

seasoned_geek roland at logikalsolutions.com
Wed Aug 26 19:23:12 BST 2009 

Public bug reported:

Binary package hint: mysql-server-5.1

I have a script and a data file that I have been using for years.
Today, after applying the 40 or so updates KPackageKit told me I needed,
and rebooting, it no longer works.

roland at logikaldesktop:~/mega_mysql$ mysql -p -e "source load_data.sql" mega_zillionare
Enter password:                                                                       
ERROR 29 (HY000) at line 3 in file: 'load_data.sql': File '/home/roland/mega_mysql/drawing_data.csv' not found (Errcode: 13)

roland at logikaldesktop:~/mega_mysql$ mysql -p mega_zillionare                                                                
Enter password:                                                                                                             
Reading table information for completion of table and column names                                                          
You can turn off this feature to get a quicker startup with -A                                                              

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5                            
Server version: 5.1.37-1ubuntu2 (Ubuntu)                 

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

mysql> source load_data.sql
Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

ERROR 29 (HY000): File '/home/roland/mega_mysql/drawing_data.csv' not
found (Errcode: 13)


roland at logikaldesktop:~/mega_mysql$ cat load_data.sql
delete from drawing_data;
commit;
load data infile "/home/roland/mega_mysql/drawing_data.csv"
into table drawing_data
fields terminated by ','
lines terminated by '\n'
(draw_dt, no_1, no_2, no_3, no_4, no_5, mega_no);roland at logikaldesktop:~/mega_mysql$


I assume someone has been playing with security again, and there is now something which needs to be tweaked somewhere on the system.  The file has world read enabled on it, so this is probably a setting which needs to be documented.


Description:    Ubuntu karmic (development branch)
Release:        9.10

** Affects: mysql-dfsg-5.1 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
[Karmic] MySQL security problem
https://bugs.launchpad.net/bugs/419400
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu.

More information about the Ubuntu-server-bugs mailing list