Percona XtraBackup moved to https://jira.percona.com/projects/PXB

innobackupex writes "stdout" and "stderr" files to cwd and leaves them behind

Bug #687544 reported by Ville Skyttä on 2010-12-08

This bug affects 6 people

	Status	Importance	Assigned to	Milestone
Percona XtraBackup moved to https://jira.percona.com/projects/PXB	Fix Released	Medium	Valentine Gostev	Percona XtraBackup moved to https://jira.percona.com/projects/PXB 1.9.0
1.6	Fix Released	Medium	Valentine Gostev	Percona XtraBackup moved to https://jira.percona.com/projects/PXB 1.6.4
2.0	Fix Released	Medium	Valentine Gostev	Percona XtraBackup moved to https://jira.percona.com/projects/PXB 1.9.0

Bug Description

innobackupex-1.5.1 from xtrabackup-1.4-74.rhel5 writes "stdout" and "stderr" files to the current directory when backing up, and leaves them behind after backup is done.

There's nothing in innobackupex-1.5.1 --help about this, there's no documentation in the rpm, and there was not a mention about this in the release notes. Also, it seems to write to these files blindly which may result in an arbitrary file overwrite vulnerability (if these files exist and are symlinks).

I suggest using secure temporary files for these (e.g. using the File::Temp module), and cleaning them up on exit.

Related branches

lp:~longbow/percona-xtrabackup/fix_687544

Merged into lp:percona-xtrabackup/2.0 at revision 341

Alexey Kopytov (community): Approve on 2011-11-30

lp:~longbow/percona-xtrabackup/fix687544-1.6

Merged into lp:percona-xtrabackup/1.6 at revision 318

Alexey Kopytov (community): Approve on 2011-11-29

Valentine Gostev (community): Needs Resubmitting on 2011-11-29

Valentine Gostev (longbow) on 2011-02-14

Changed in percona-xtrabackup:
assignee:	nobody → Valentine Gostev (core-longbow)

Valentine Gostev (longbow) on 2011-02-15

Changed in percona-xtrabackup:
importance:	Undecided → Wishlist
status:	New → Confirmed

Revision history for this message

Reinier Lamers (lamers) wrote on 2011-05-03:

This also means that innobackupex can only run if it is has permissions to create and write files. With XtraBackup 1.2, this was not the case. So an upgrade to 1.6 breaks my backup script.

Rodrigo Gadea (rodrigo-gadea-percona) on 2011-05-19

Changed in percona-xtrabackup:
assignee:	Valentine Gostev (core-longbow) → Rodrigo Gadea (rodrigo-gadea-percona)
importance:	Wishlist → Medium

Stewart Smith (stewart) on 2011-05-20

Changed in percona-xtrabackup:
status:	Confirmed → Triaged

Stewart Smith (stewart) on 2011-06-12

Changed in percona-xtrabackup:
status:	Triaged → In Progress

Rodrigo Gadea (rodrigo-gadea-percona) on 2011-09-20

Changed in percona-xtrabackup:
assignee:	Rodrigo Gadea (rodrigo-gadea-percona) → Valentine Gostev (longbow)

Revision history for this message

Stewart Smith (stewart) wrote on 2011-11-01:

should use tmpfile() instead (or similar... whatever it is currently in perl)

Revision history for this message

Ville Skyttä (vskytta) wrote on 2011-11-01:

I'd say that 'd be something from the File::Temp module.

Revision history for this message

Shahriyar Rzayev (rzayev-sehriyar) wrote on 2018-01-20:

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXB-549

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.