Path Traversal Protection (Lines 1374-1405):
- Validates custom path input to prevent directory traversal attacks
- Rejects paths containing '../' sequences
- Prevents use of live MySQL directory (/var/lib/mysql)
- Resolves paths using realpath logic to get canonical absolute path
- Validates parent directory exists before accepting custom path
- Example blocked: '../../../etc/passwd' or '/var/lib/mysql'
Write Permission Validation (Lines 1435-1442):
- Checks that TEMP_DATADIR is writable before use
- Prevents silent failures when attempting to restore data
- Shows clear error message if directory lacks write permissions
- Critical for user experience - catches permission issues early
Impact: Prevents path traversal attacks, local privilege escalation risks,
and data loss from permission errors. Script is more defensive and robust.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
cschantz
b7d1a55ca6