--- /dev/null
+
+#### ChangeSet ####
+2007-11-06 18:09:33+04:00, svoj@mysql.com
+ BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
+
+ RENAME TABLE against a table with DATA/INDEX DIRECTORY overwrites
+ the file to which the symlink points.
+
+ This is a security issue, because it is possible to create a table with
+ some name in some non-system database and set DATA/INDEX DIRECTORY
+ to the mysql system database. Renaming this table to one of the mysql system
+ tables (e.g. user, host) would overwrite the system table.
+
+ Return an error when the file to which the symlink points exists.
+
+==== mysql-test/r/symlink.result ====
+2007-11-06 18:09:32+04:00, svoj@mysql.com +6 -0
+ A test case for BUG#32111.
+
+--- 1.7/mysql-test/r/symlink.result 2003-12-12 12:26:56 -08:00
++++ 1.8/mysql-test/r/symlink.result 2007-11-06 06:09:32 -08:00
+@@ -84,3 +84,9 @@ t1 CREATE TABLE `t1` (
+ `b` int(11) default NULL
+ ) TYPE=MyISAM
+ drop table t1;
++CREATE TABLE t1(a INT)
++DATA DIRECTORY='TEST_DIR/var/master-data/mysql'
++INDEX DIRECTORY='TEST_DIR/var/master-data/mysql';
++RENAME TABLE t1 TO user;
++Can't create/write to file 'TEST_DIR/var/master-data/mysql/user.MYI' (Errcode: 17)
++DROP TABLE t1;
+
+==== mysql-test/t/symlink.test ====
+2007-11-06 18:09:32+04:00, svoj@mysql.com +12 -0
+ A test case for BUG#32111.
+
+--- 1.6/mysql-test/t/symlink.test 2003-12-12 12:26:56 -08:00
++++ 1.7/mysql-test/t/symlink.test 2007-11-06 06:09:32 -08:00
+@@ -112,3 +112,15 @@ eval alter table t1 index directory="$MY
+ enable_query_log;
+ show create table t1;
+ drop table t1;
++
++#
++# BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
++#
++--replace_result $MYSQL_TEST_DIR TEST_DIR
++eval CREATE TABLE t1(a INT)
++DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/mysql'
++INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data/mysql';
++--replace_result $MYSQL_TEST_DIR TEST_DIR
++--error 1
++RENAME TABLE t1 TO user;
++DROP TABLE t1;
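Review bot: The test asserts only that `RENAME TABLE t1 TO user` fails with `--error 1`; it does not check that the existing `mysql.user` files are unchanged or that `t1` is still usable after the rejected rename. Since the bug is an overwrite of a system table, a follow-up such as `SELECT COUNT(*) FROM t1;` plus a query against `mysql.user` after the failed rename would pin the property that matters. Only the case with both DATA and INDEX DIRECTORY set is covered, and the recorded error names `user.MYI`, so the data-file path is presumably never reached by this test.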
+
+==== mysys/my_symlink2.c ====
+2007-11-06 18:09:32+04:00, svoj@mysql.com +10 -1
+ Return an error when the file to which the symlink points exist.
+
+--- 1.6/mysys/my_symlink2.c 2003-12-12 12:26:56 -08:00
++++ 1.7/mysys/my_symlink2.c 2007-11-06 06:09:32 -08:00
+@@ -120,6 +120,7 @@ int my_rename_with_symlink(const char *f
+ int was_symlink= (!my_disable_symlinks &&
+ !my_readlink(link_name, from, MYF(0)));
+ int result=0;
++ int name_is_different;
+ DBUG_ENTER("my_rename_with_symlink");
+
+ if (!was_symlink)
+@@ -128,6 +129,14 @@ int my_rename_with_symlink(const char *f
+ /* Change filename that symlink pointed to */
+ strmov(tmp_name, to);
+ fn_same(tmp_name,link_name,1); /* Copy dir */
++ name_is_different= strcmp(link_name, tmp_name);
++ if (name_is_different && !access(tmp_name, F_OK))
++ {
++ my_errno= EEXIST;
++ if (MyFlags & MY_WME)
++ my_error(EE_CANTCREATEFILE, MYF(0), tmp_name, EEXIST);
++ DBUG_RETURN(1);
++ }
+
+ /* Create new symlink */
+ if (my_symlink(tmp_name, to, MyFlags))
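Review bot: The `access(tmp_name, F_OK)` test added before `my_symlink()` is a check-then-act sequence, so a file that appears at `tmp_name` between this check and the later `my_rename(link_name, tmp_name, MyFlags)` (in the hunk at -139) would still be replaced, because a plain rename overwrites its target. The window is narrow and needs write access to the target directory, but where the platform offers an atomic no-replace rename (for example `renameat2()` with `RENAME_NOREPLACE` on Linux) or a `link()`-then-unlink sequence, that would close it. At minimum a comment such as `/* Best-effort existence check: not atomic with the rename below */` would record the limitation. The check also does not restrict where DATA/INDEX DIRECTORY may point, so a table can still be placed in the system database directory under a name that is not yet taken. The body of my_rename_with_symlink starts and ends outside this hunk.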
+@@ -139,7 +148,7 @@ int my_rename_with_symlink(const char *f
+ the same basename and different directories.
+ */
+
+- if (strcmp(link_name, tmp_name) && my_rename(link_name, tmp_name, MyFlags))
++ if (name_is_different && my_rename(link_name, tmp_name, MyFlags))
+ {
+ int save_errno=my_errno;
+ my_delete(to, MyFlags); /* Remove created symlink */
--- /dev/null
+check process mysql with pidfile /var/lib/mysql/mysqldb/mysql.pid
+ group database
+ start program = "/etc/rc.d/init.d/mysql restart"
+ stop program = "/etc/rc.d/init.d/mysql stop"
+ if failed unix /var/lib/mysql/mysql.sock then restart
+ if 5 restarts within 5 cycles then timeout
+ depends on mysql_bin
+ depends on mysql_rc
+
+check file mysql_bin with path /usr/sbin/mysqld
+ group database
+ if failed checksum then unmonitor
+ if failed permission 755 then unmonitor
+ if failed uid root then unmonitor
+ if failed gid root then unmonitor
+
+check file mysql_rc with path /etc/rc.d/init.d/mysql
+ group database
+ if failed checksum then unmonitor
+ if failed permission 754 then unmonitor
+ if failed uid root then unmonitor
+ if failed gid root then unmonitor
+
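Review bot: The `if failed checksum then unmonitor` rules on `mysql_bin` and `mysql_rc` give no expected value, so the baseline is presumably whatever is on disk when monit first reads the file, and a binary or init script altered before that point would pass. Pinning the expected digest in the rule (placeholder: `<EXPECTED_CHECKSUM>`) and pairing the action with an alert would make the integrity check meaningful; as written a mismatch only stops monitoring, and because the `mysql` process depends on both files it would likely drop out of monitoring while mysqld keeps running. Separately, `start program` invokes the init script with `restart` rather than `start`, which deserves a comment if it is intentional.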