Bug #17647 | Trouble with "create database" | ||
---|---|---|---|
Submitted: | 22 Feb 2006 13:33 | Modified: | 9 Aug 2006 12:44 |
Reporter: | Michal Prokopiuk | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server | Severity: | S2 (Serious) |
Version: | 4.1.19-BK, 4.1.16 | OS: | Linux (Linux) |
Assigned to: | Alexander Barkov | CPU Architecture: | Any |
[22 Feb 2006 13:33]
Michal Prokopiuk
[2 Apr 2006 10:45]
Valeriy Kravchuk
Thank you for a bug report. Verified just as described with 4.1.19-BK (ChangeSet@1.2491, 2006-04-01 05:44:10+02:00) on Linux: openxs@suse:~/dbs/4.1> bin/mysql -uroot test Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3 to server version: 4.1.19 Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> create database sample; Query OK, 1 row affected (0.01 sec) mysql> grant all on sample.* to 'sample'@'localhost' identified by 'password'; Query OK, 0 rows affected (0.01 sec) mysql> \q openxs@suse:~/dbs/4.1> bin/mysql -usample -ppassword -A sample; Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 6 to server version: 4.1.19 Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> create database another; ERROR 1044 (42000): Access denied for user 'sample'@'localhost' to database 'another' mysql> create database SAmple; Query OK, 1 row affected (0.00 sec) mysql> show databases; +----------+ | Database | +----------+ | SAmple | | sample | | test | +----------+ 3 rows in set (0.00 sec) I remember very similar bug report, so it can be a duplicate, but I was not able to find it, yet.
[4 May 2006 7:03]
Alexander Barkov
A fix has been commited: http://lists.mysql.com/commits/5927
[7 May 2006 21:28]
Michal Prokopiuk
thank you for solution
[7 Jun 2006 9:31]
Sergei Glukhov
ok to push
[23 Jun 2006 6:55]
Gerald Gruenberger
I found another case linked with this bug: If you have rights on "ab_mydatabase", you can create "ab?mydatabase" too (maybe it's possible to replace every char with the questionmark, but till now only tested and seen with an underscore) I think this is the same bug. OS filesystem feature tricks mysql's rights management. MySQL-Versions: 4.1.20, 4.0.27 Plattform: Linux
[7 Jul 2006 11:01]
Alexander Barkov
Pushed into 4.1.21 Todo: merge into 5.0 and 5.1
[7 Aug 2006 6:18]
Alexander Barkov
Merged into 5.0.25 and 5.1.12.
[9 Aug 2006 12:29]
Jon Stephens
Gerald, That's a separate issue, and is documented behaviour: the underscore acts as a wildcard in an identifier unless the identifier is set off with backticks (`...`). See http://dev.mysql.com/doc/refman/5.0/en/legal-names.html and subsections.
[9 Aug 2006 12:44]
Jon Stephens
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release. If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at http://dev.mysql.com/doc/en/installing-source.html Documented in 4.1.21/5.0.25/5.1.12 changelogs. NOTE: It is *not* recommended to depend on case-sensitivity of identifiers for databases or tables, since this makes them non-portable to platforms with case-insensitive filesystems.
[28 Aug 2006 9:53]
Christian Hammers
This bug has been registered at cve.mitre.org, please mention "CVE-2006-4226" in the changelog!
[23 Mar 2007 19:14]
A NE
Will this security fix be pushed to 4.0.x?