Bug #1639735 “basedir cannot be a symlink” : Bugs : Percona Server moved to https://jira.percona.com/projects/PS

Bug Description

From version 5.7.14-8 it is not possible to configure basedir to a simlink. The changelog mentions:

Implemented restrictions on symlinked files (error_log, pid_file) that can’t be used with mysqld_safe. Bug fixed #1624449.

but there is no mention to the basedir parameter in general. It this behaviour expected? If the whole basedir is a simlink, it won't start because some of those restricted files are there?

localhost> cat /etc/my.cnf | grep basedir
basedir=/usr/local/mysql

localhost> cd /usr/local/

localhost> sudo unlink mysql

localhost> sudo ln -s /mysql/Percona-Server-5.7.14-7-Linux.x86_64.ssl101 mysql

localhost> /usr/local/mysql/support-files/mysql.server start
Starting MySQL (Percona Server). SUCCESS!

localhost> /usr/local/mysql/support-files/mysql.server stop
Shutting down MySQL (Percona Server).. SUCCESS!

localhost> sudo ln -s /mysql/Percona-Server-5.7.14-8-Linux.x86_64.ssl101 mysql

localhost> /usr/local/mysql/support-files/mysql.server start
Starting MySQL (Percona Server). ERROR! The server quit without updating PID file (/usr/local/mysql/data/pidfile.pid).

localhost> cat /etc/my.cnf | grep basedir
basedir=/mysql/Percona-Server-5.7.14-8-Linux.x86_64.ssl101

localhost> /usr/local/mysql/support-files/mysql.server start
Starting MySQL (Percona Server). SUCCESS!

localhost> /usr/local/mysql/support-files/mysql.server stop
Shutting down MySQL (Percona Server).. SUCCESS!

localhost> sudo unlink mysql

localhost> sudo ln -s /mysql/Percona-Server-5.7.15-9-Linux.x86_64.ssl101 mysql

localhost> /usr/local/mysql/support-files/mysql.server start
Starting MySQL (Percona Server). SUCCESS!

localhost> /usr/local/mysql/support-files/mysql.server stop
Shutting down MySQL (Percona Server).. SUCCESS!

localhost> cat /etc/my.cnf | grep basedir
basedir=/usr/local/mysql

localhost> /usr/local/mysql/support-files/mysql.server start
Starting MySQL (Percona Server). mysqld_safe ld_preload libraries can only be loaded from system directories (/usr/lib64, /usr/lib, /usr/local/mysql/lib)
ERROR! The server quit without updating PID file (/usr/local/mysql/data/pidfile.pid).

Tags: Edit Tag help

Miguel Angel Nieto (miguelangelnieto) on 2016-11-07

Changed in percona-server:
status:	New → Confirmed

Laurynas Biveinis (laurynas-biveinis) on 2016-11-08

tags:

added: pkg

Sveta Smirnova (svetasmirnova) wrote on 2016-11-15:

Percona-specific, not repeatable with upstream

Laurynas Biveinis (laurynas-biveinis) on 2016-11-16

tags:

added: regression

EvgeniyPatlan (evgeniy-patlan) wrote on 2017-03-15:

Yes all libraries should be loaded from the mentioned directories and links couldn't be used.
Only t=such configuration is possible, all other configurations are vulnerable.
The exception is also --basedir=/path parameter from mysqld_safe.sh

Sveta Smirnova (svetasmirnova) wrote on 2017-03-20:

Evgeniy,

using /usr/local/mysql as symlink was common usage for years. Why it started to be vulnerable just now? Where is a link to upstream bug, saying their configuration (which support symlinks) is vulnerable?

Laurynas Biveinis (laurynas-biveinis) on 2017-03-20

Changed in percona-server:
status:	Triaged → New

EvgeniyPatlan (evgeniy-patlan) wrote on 2017-04-11:

The issue should be fixed n the upcoming releases.
Here are the PRs:
https://github.com/percona/percona-server/pull/1643
https://github.com/percona/percona-server/pull/1644
https://github.com/percona/percona-server/pull/1645

Shahriyar Rzayev (rzayev-sehriyar) wrote on 2018-01-25:

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-1759

Percona Server moved to https://jira.percona.com/projects/PS

basedir cannot be a symlink

Bug Description

Other bug subscribers