Comment 5 for bug 375371

I like it. The FILE permission has caused me quite a bit of pain in the past, and quite a few shops just run mysql with 'ALL PRIVILEGES ON *.*' for their app users because they don't want to deal with grants or don't understand.

The only issue would be that if users actually depend on the ability to export files from mysql in this way, they will have to grant the reading processes access to the mysql group, or change /var/tmp/mysql to an alternate group (the files are always created 666).

I just tested this and it works fine without the user-tmp abstraction, by setting tmpdir=/var/tmp/mysql and making sure the directory exists in the upstart script.

mysql> select * into outfile '/var/tmp/user.txt' from mysql.user;
ERROR 1 (HY000): Can't create/write to file '/var/tmp/user.txt' (Errcode: 13)
mysql> select * into outfile '/var/tmp/mysql/user.txt' from mysql.user;
Query OK, 5 rows affected (0.00 sec)

mysql> select * into outfile '/tmp/user.txt' from mysql.user;
ERROR 1 (HY000): Can't create/write to file '/tmp/user.txt' (Errcode: 13)
mysql>

I'm hesitant to break the FILE privilege's basic assumptions, but at the same time, I'd rather restrict that functionality and close a door for common exploits.

Can anyone else comment on that?