Changes in MySQL 5.6.34 (2016-10-12, General Availability)
Security Notes
-
Incompatible Change: The
secure_file_priv
system variable is used to limit the effect of data import and export operations. The following changes have been made to how the server handles this variable:-
secure_file_priv
can be set toNULL
to disable all import and export operations. -
The server checks the value of
secure_file_priv
at startup and writes a warning to the error log if the value is insecure. A non-NULL
value is considered insecure if it is empty, or the value is the data directory or a subdirectory of it, or a directory that is accessible by all users. Ifsecure_file_priv
is set to a nonexistent path, the server writes an error message to the error log and exits. -
Previously, the
secure_file_priv
system variable was empty by default. Now the default value is platform specific and depends on the value of theINSTALL_LAYOUT
CMake option, as shown in the following table.INSTALL_LAYOUT
ValueDefault secure_file_priv
ValueSTANDALONE
,WIN
NULL
DEB
,RPM
,SLES
,SVR4
/var/lib/mysql-files
Otherwise mysql-files
under theCMAKE_INSTALL_PREFIX
value -
To specify the default
secure_file_priv
value explicitly if you are building from source, use the newINSTALL_SECURE_FILE_PRIVDIR
CMake option. To specify a directory for the embedded server, set the newINSTALL_SECURE_FILE_PRIV_EMBEDDEDDIR
option. Its default value isNULL
.
(Bug #24679907, Bug #24695274, Bug #24707666)
-