Mark Atwood (fallenpegasus) wrote,

tmpdir in MySQL

Years and years ago, there was a moderately serious bug in MySQL 4.0 and 4.1 where the TMPDIR environment variable would sometimes override the tmpdir setting in the my.cnf file.

It was worked out that some calls to a create_tmp_file() function were not being passed the config setting, so it would fall back to the environment variable. Oops, but fixed.

But was it really?

It turns out that there is still an issue that looks the same. It has the same symptom: change the tmpdir, but MySQL tries to use the default system tmpdir anyway.

But now the cause is different.

Many modern enterprise Linux distros ship with SELinux turned on. And SELinux specially handles and tracks tmpfiles and tmpdirs, because otherwise they are excellent targets for attacks and for leaking secure information.

The vast majority of MySQL users never bother setting tmpdir, and/or they turn off SELinux. And even if they don't, they don't notice the problem, so it's only intermittently reported, and when it is, it's mistaken for this old closed bug.

If you are using SELinux, and if you change the tmpdir in the my.cnf file, you also have to tell SELinux to give that directory the proper security context for a temporary directory. Otherwise when MySQL tries to create a tmpfile there, it will fail, then fall back to the default system tmpdir.

This should probably be added to the MySQL documentation, and a warning logged when it happens. But until it is, that's the problem.
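
Until such a warning exists, the check can be done by hand. The sketch below is an added example, not part of the original post or of MySQL: it reads tmpdir from the [mysqld] section of a my.cnf, inspects the directory's SELinux context, and prints the relabel commands when the type is wrong. The function names, the sample path and the choice of mysqld_tmp_t / tmp_t as acceptable types are assumptions; confirm the type against your distro's policy.

```shell
# Added example. Assumption: tmp_t and mysqld_tmp_t are the acceptable
# types for a MySQL tmpdir; compare with `ls -Zd /tmp` on your system.

# Print the tmpdir value from the [mysqld] section of my.cnf text on stdin.
cnf_tmpdir() {
    awk -F= '
        /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_mysqld && /^[ \t]*tmpdir[ \t]*=/ {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
        }'
}

# Extract the type field from a context of the form user:role:type:level.
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Succeed only if the context carries a temporary-directory type.
label_ok() {
    case "$(ctx_type "$1")" in tmp_t|mysqld_tmp_t) return 0 ;; esac
    return 1
}

# Print (do not run) the commands that would relabel directory $1.
relabel_cmds() {
    printf "semanage fcontext -a -t mysqld_tmp_t '%s(/.*)?'\n" "$1"
    printf "restorecon -Rv '%s'\n" "$1"
}

# Report on directory $1 given its context $2 (as shown by `ls -Zd "$1"`).
audit_tmpdir() {
    if label_ok "$2"; then
        echo "OK: $1 has type $(ctx_type "$2")"
    else
        echo "MISLABELED: $1 has type $(ctx_type "$2"); to fix, run as root:"
        relabel_cmds "$1"
        return 1
    fi
}

# Constructed sample input: a my.cnf fragment and a default-labelled directory.
SAMPLE_CNF='[client]
tmpdir = /tmp/ignored
[mysqld]
tmpdir = /data/mysqltmp'
SAMPLE_CTX='unconfined_u:object_r:default_t:s0'

dir=$(printf '%s\n' "$SAMPLE_CNF" | cnf_tmpdir)
audit_tmpdir "$dir" "$SAMPLE_CTX" || true
```

On a live host, feed it the real values: `cnf_tmpdir < /etc/my.cnf` for the directory and the context column of `ls -Zd` on that directory for the second argument.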
Tags: mysql
