Possible mysql bug found

Possible mysql bug found

am 18.06.2005 01:24:56 von SteveR

Guys,

I encountered an interesting (possible) bug in mysql. It’s really weird.

I am able to create a new database using a limited account Where I
should not be able to. I shouldn’t be able to do this, but discovered it
using phpmyadmin. Intrigued, I checked it out. At first, I thought this
was a phpmyadmin issue, but I think it is instead a mysql issue. Here
are the steps I used to replicate the issue:

1) Log in using commandline client “mysql -u AnyOne -p”. Use permissions
at the bottom of this message
2) Do a: CREATE DATABASE `Stever` <---- this cannot be done
3) Do a: CREATE DATABASE `MYSQLDB?12963` <------ this *can* be done
4) Do a: DROP DATABASE `MYSQLDB?12963` <------ this *can* be done
5) Do a: CREATE DATABASE `MYSQLD??12963` <------ this cannot be done

Permissions for this user is as follows:
DB Table
+------+---------------+-------------+-------------+-------- -----+-------------+-------------+-------------+-----------+ ------------+-----------------+------------+------------+--- --------------------+------------------+
| Host | Db | User | Select_priv | Insert_priv | Update_priv |
Delete_priv | Create_priv | Drop_priv | Grant_priv | References_priv |
Index_priv | Alter_priv | Create_tmp_table_priv | Lock_tables_priv |
+------+---------------+-------------+-------------+-------- -----+-------------+-------------+-------------+-----------+ ------------+-----------------+------------+------------+--- --------------------+------------------+
| % | MYSQLDB_59653 | AnyOne | Y | Y | Y | Y | Y | Y | N | N | Y | Y | N
| Y |
+------+---------------+-------------+-------------+-------- -----+-------------+-------------+-------------+-----------+ ------------+-----------------+------------+------------+--- --------------------+------------------+

User table:
+------+-------------+------------------+-------------+----- --------+-------------+-------------+-------------+--------- --+-------------+---------------+--------------+-----------+ ------------+-----------------+------------+------------+--- -----------+------------+-----------------------+----------- -------+--------------+-----------------+------------------+ ----------+------------+-------------+--------------+------- --------+-------------+-----------------+
| Host | User | Password | Select_priv | Insert_priv | Update_priv |
Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv |
Process_priv | File_priv | Grant_priv | References_priv | Index_priv |
Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv |
Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv |
ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions |
max_updates | max_connections |
+------+-------------+------------------+-------------+----- --------+-------------+-------------+-------------+--------- --+-------------+---------------+--------------+-----------+ ------------+-----------------+------------+------------+--- -----------+------------+-----------------------+----------- -------+--------------+-----------------+------------------+ ----------+------------+-------------+--------------+------- --------+-------------+-----------------+
| % | AnyOne | 414a2b142fcb7497 | N | N | N | N | N | N | N | N | N | N
| N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 |
+------+-------------+------------------+-------------+----- --------+-------------+-------------+-------------+--------- --+-------------+---------------+--------------+-----------+ ------------+-----------------+------------+------------+--- -----------+------------+-----------------------+----------- -------+--------------+-----------------+------------------+ ----------+------------+-------------+--------------+------- --------+-------------+-----------------+

Host table:
- empty -

I cannot find much on the question mark parameter in the mysql pdf
manual. I am using Mysql 4.1.12

- Steve



--
MySQL Bugs Mailing List
For list archives: http://lists.mysql.com/bugs
To unsubscribe: http://lists.mysql.com/bugs?unsub=gcdmb-bugs@m.gmane.org

Re: Possible mysql bug found

am 18.06.2005 09:56:55 von Sergei Golubchik

Hi!

On Jun 17, Stever wrote:
> Guys,
>
> I encountered an interesting (possible) bug in mysql. It's really weird.
>
> I am able to create a new database using a limited account Where I
> should not be able to. I shouldn't be able to do this, but discovered it
> using phpmyadmin. Intrigued, I checked it out. At first, I thought this
> was a phpmyadmin issue, but I think it is instead a mysql issue. Here
> are the steps I used to replicate the issue:
>
> 1) Log in using commandline client ?mysql -u AnyOne -p?. Use permissions
> at the bottom of this message
> 2) Do a: CREATE DATABASE `Stever` <---- this cannot be done
> 3) Do a: CREATE DATABASE `MYSQLDB?12963` <------ this *can* be done
> 4) Do a: DROP DATABASE `MYSQLDB?12963` <------ this *can* be done
> 5) Do a: CREATE DATABASE `MYSQLD??12963` <------ this cannot be done
>
> Permissions for this user is as follows:
> DB Table
> +------+---------------+-------------+-------------+-------- -----+-------------+-------------+-------------+-----------+ ------------+-----------------+------------+------------+--- --------------------+------------------+
> | Host | Db | User | Select_priv | Insert_priv | Update_priv |
> Delete_priv | Create_priv | Drop_priv | Grant_priv | References_priv |
> Index_priv | Alter_priv | Create_tmp_table_priv | Lock_tables_priv |
> +------+---------------+-------------+-------------+-------- -----+-------------+-------------+-------------+-----------+ ------------+-----------------+------------+------------+--- --------------------+------------------+
> | % | MYSQLDB_59653 | AnyOne | Y | Y | Y | Y | Y | Y | N | N | Y | Y | N
> | Y |
> +------+---------------+-------------+-------------+-------- -----+-------------+-------------+-------------+-----------+ ------------+-----------------+------------+------------+--- --------------------+------------------+

First - you didn't tell what steps from 1-5 gives wrong results.
I assume that you mean that 3 and 4 should result in an error.

'_' in database name is a wildcard character. Quiting
http://dev.mysql.com/doc/mysql/en/request-access.html

The wildcard characters '%' and '_' can be used in the Host
and Db columns of either table. These have the same meaning
as for pattern-matching operations performed with the LIKE
operator. If you want to use either character literally when
granting privileges, you must escape it with a backslash.
For example, to include '_' character as part of a database
name, specify it as '\_' in the GRANT statement.

Regards,
Sergei

--
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Senior Software Developer
/_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany
<___/ www.mysql.com

--
MySQL Bugs Mailing List
For list archives: http://lists.mysql.com/bugs
To unsubscribe: http://lists.mysql.com/bugs?unsub=gcdmb-bugs@m.gmane.org