Percona Server moved to https://jira.percona.com/projects/PS

basedir cannot be a symlink

Bug #1639735 reported by Miguel Angel Nieto
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Percona Server moved to https://jira.percona.com/projects/PS
Status tracked in 5.7
5.5
Fix Released
Medium
EvgeniyPatlan
Percona Server moved to https://jira.percona.com/projects/PS 5.5.55-38.8
5.6
Fix Released
Medium
EvgeniyPatlan
Percona Server moved to https://jira.percona.com/projects/PS 5.6.36-82.0
5.7
Fix Released
Medium
EvgeniyPatlan
Percona Server moved to https://jira.percona.com/projects/PS 5.7.18-14
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

From version 5.7.14-8 it is not possible to configure basedir to a simlink. The changelog mentions:

Implemented restrictions on symlinked files (error_log, pid_file) that can’t be used with mysqld_safe. Bug fixed #1624449.

but there is no mention to the basedir parameter in general. It this behaviour expected? If the whole basedir is a simlink, it won't start because some of those restricted files are there?

localhost> cat /etc/my.cnf | grep basedir
basedir=/usr/local/mysql

localhost> cd /usr/local/

localhost> sudo unlink mysql

localhost> sudo ln -s /mysql/Percona-Server-5.7.14-7-Linux.x86_64.ssl101 mysql

localhost> /usr/local/mysql/support-files/mysql.server start
Starting MySQL (Percona Server). SUCCESS!

localhost> /usr/local/mysql/support-files/mysql.server stop
Shutting down MySQL (Percona Server).. SUCCESS!

localhost> sudo ln -s /mysql/Percona-Server-5.7.14-8-Linux.x86_64.ssl101 mysql

localhost> /usr/local/mysql/support-files/mysql.server start
Starting MySQL (Percona Server). ERROR! The server quit without updating PID file (/usr/local/mysql/data/pidfile.pid).

localhost> cat /etc/my.cnf | grep basedir
basedir=/mysql/Percona-Server-5.7.14-8-Linux.x86_64.ssl101

localhost> /usr/local/mysql/support-files/mysql.server start
Starting MySQL (Percona Server). SUCCESS!

localhost> /usr/local/mysql/support-files/mysql.server stop
Shutting down MySQL (Percona Server).. SUCCESS!

localhost> sudo unlink mysql

localhost> sudo ln -s /mysql/Percona-Server-5.7.15-9-Linux.x86_64.ssl101 mysql

localhost> /usr/local/mysql/support-files/mysql.server start
Starting MySQL (Percona Server). SUCCESS!

localhost> /usr/local/mysql/support-files/mysql.server stop
Shutting down MySQL (Percona Server).. SUCCESS!

localhost> cat /etc/my.cnf | grep basedir
basedir=/usr/local/mysql

localhost> /usr/local/mysql/support-files/mysql.server start
Starting MySQL (Percona Server). mysqld_safe ld_preload libraries can only be loaded from system directories (/usr/lib64, /usr/lib, /usr/local/mysql/lib)
ERROR! The server quit without updating PID file (/usr/local/mysql/data/pidfile.pid).

Miguel Angel Nieto (miguelangelnieto)
Changed in percona-server:
status: New → Confirmed
Laurynas Biveinis (laurynas-biveinis)
tags: added: pkg
Revision history for this message
Sveta Smirnova (svetasmirnova) wrote :

Percona-specific, not repeatable with upstream

Laurynas Biveinis (laurynas-biveinis)
tags: added: regression
Revision history for this message
EvgeniyPatlan (evgeniy-patlan) wrote :

Yes all libraries should be loaded from the mentioned directories and links couldn't be used.
Only t=such configuration is possible, all other configurations are vulnerable.
The exception is also --basedir=/path parameter from mysqld_safe.sh

Revision history for this message
Sveta Smirnova (svetasmirnova) wrote :

Evgeniy,

using /usr/local/mysql as symlink was common usage for years. Why it started to be vulnerable just now? Where is a link to upstream bug, saying their configuration (which support symlinks) is vulnerable?

Laurynas Biveinis (laurynas-biveinis)
Changed in percona-server:
status: Triaged → New
Revision history for this message
EvgeniyPatlan (evgeniy-patlan) wrote :

The issue should be fixed n the upcoming releases.
Here are the PRs:
https://github.com/percona/percona-server/pull/1643
https://github.com/percona/percona-server/pull/1644
https://github.com/percona/percona-server/pull/1645

Revision history for this message
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-1759

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers