@katlogic
Created September 13, 2016 02:16
This does not seem to be exploitable on clean installs of Debian 7/8.
Package versions:
5.5.49-0+deb8u1
5.5.31+dfsg-0+wheezy1
(both supposedly affected)
The mysqld_safe script runs as follows:
+ MY_BASEDIR_VERSION=/usr
+ ledir=/usr/sbin
+ test -d /usr/data/mysql
+ test -d /usr/var/mysql
+ DATADIR=/var/lib/mysql
+ test -z
+ test -r /usr/my.cnf
+ test -r /var/lib/mysql/my.cnf
+ log_error WARNING: Found /var/lib/mysql/my.cnf
The data directory is a deprecated location for my.cnf, please move it to
/usr/my.cnf
+ log_generic daemon.error WARNING: Found /var/lib/mysql/my.cnf
The data directory is a deprecated location for my.cnf, please move it to
/usr/my.cnf
+ priority=daemon.error
+ shift
+ date +%y%m%d %H:%M:%S
+ msg=160913 03:30:33 mysqld_safe WARNING: Found /var/lib/mysql/my.cnf
The data directory is a deprecated location for my.cnf, please move it to
/usr/my.cnf
+ echo 160913 03:30:33 mysqld_safe WARNING: Found /var/lib/mysql/my.cnf
The data directory is a deprecated location for my.cnf, please move it to
/usr/my.cnf
160913 03:30:33 mysqld_safe WARNING: Found /var/lib/mysql/my.cnf
The data directory is a deprecated location for my.cnf, please move it to
/usr/my.cnf
+ MYSQL_HOME=/var/lib/mysql
This fails because MY_BASEDIR_VERSION is /usr on Debian, and /usr/data/mysql does not exist:
# Try where the binary installs put it
if test -d $MY_BASEDIR_VERSION/data/mysql
then
  DATADIR=$MY_BASEDIR_VERSION/data
  if test -z "$defaults" -a -r "$DATADIR/my.cnf"
  then
    defaults="--defaults-extra-file=$DATADIR/my.cnf"
  fi
...
The only possible scenario is a /usr/data/mysql directory that is left over from past dist-upgrades or was introduced via some other route.
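
An added audit sketch, not part of the original gist or of mysqld_safe: it repeats the directory tests from the trace above and flags the leftover-directory case, plus any my.cnf sitting in the resolved data directory (the location the script's own warning calls deprecated). The function name, its two arguments and the `$basedir/var` assignment are assumptions; the page only shows the body of the `data` branch.

```shell
#!/bin/sh
# audit_mysqld_safe_paths BASEDIR DEFAULT_DATADIR   (hypothetical helper)
# Prints the resolved DATADIR and one FLAG line per finding.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_mysqld_safe_paths() {
    basedir=$1
    default_datadir=$2
    findings=0

    # Same order as the trace: $basedir/data/mysql, then $basedir/var/mysql,
    # then the packaged default data directory.
    if test -d "$basedir/data/mysql"; then
        datadir=$basedir/data
        echo "FLAG: $basedir/data/mysql exists, binary-install branch is taken"
        findings=1
    elif test -d "$basedir/var/mysql"; then
        # Assumption: this branch sets DATADIR the same way the data branch does.
        datadir=$basedir/var
        echo "FLAG: $basedir/var/mysql exists, source-install branch is taken"
        findings=1
    else
        datadir=$default_datadir
    fi
    echo "DATADIR=$datadir"

    # mysqld_safe warns about a my.cnf in the data directory; report it with
    # numeric owner and mode so it can be compared against the mysql user.
    if test -r "$datadir/my.cnf"; then
        echo "FLAG: $datadir/my.cnf is readable: $(ls -ln "$datadir/my.cnf")"
        findings=1
    fi
    return $findings
}

# Debian values taken from the trace above; override with two arguments.
audit_mysqld_safe_paths "${1:-/usr}" "${2:-/var/lib/mysql}" ||
    echo "review the FLAG lines above"
```
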