[Karmic] MySQL security problem
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mysql-dfsg-5.1 (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: mysql-server-5.1
I have a script and a data file that I have been using for years. Today, after applying the 40 or so updates KPackageKit told me I needed, and rebooting, it no longer works.
roland@
Enter password:
ERROR 29 (HY000) at line 3 in file: 'load_data.sql': File '/home/
roland@
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.1.37-1ubuntu2 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> source load_data.sql
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
ERROR 29 (HY000): File '/home/
roland@
delete from drawing_data;
commit;
load data infile "/home/
into table drawing_data
fields terminated by ','
lines terminated by '\n'
(draw_dt, no_1, no_2, no_3, no_4, no_5, mega_no)
I assume someone has been playing with security again, and there is now something which needs to be tweaked somewhere on the system. The file has world read enabled on it, so this is probably a setting which needs to be documented.
Description: Ubuntu karmic (development branch)
Release: 9.10
I have fixed this problem on my own, but it points to a deeper issue.
You have to edit an apparmor config file, then reboot. Given the current shutdown problems with Karmic, that is an issue. Where is the GUI for AppArmor? OpenSuSE has one, why doesn't KUbuntu?
sudo scite /etc/apparmor. d/usr.sbin. mysqld
If you don't have SciTE installed, you probably should since it is a very good text editor and doesn't have much baggage.
At the very end of the file, before the closing brace, you need to add a line (or lines) which give mysql access to the directory trees you want to use.
/var/ run/mysqld/ mysqld. sock w,
/home/roland/** rwk,
}
You can restrict access to specific files or to any file in a tree, like I did. rwk = read write kill.
Where is the AppArmor GUI and why isn't it installed automatically if we are now using AppArmor?