| Bug #17647 | Trouble with "create database" | ||
|---|---|---|---|
| Submitted: | 22 Feb 2006 14:33 | Modified: | 9 Aug 2006 14:44 |
| Reporter: | Michal Prokopiuk | ||
| Status: | Closed | ||
| Category: | Server | Severity: | S2 (Serious) |
| Version: | 4.1.19-BK, 4.1.16 | OS: | Linux (Linux) |
| Assigned to: | Alexander Barkov | Target Version: | |
[22 Feb 2006 14:33]
Michal Prokopiuk
[2 Apr 2006 12:45]
Valeriy Kravchuk
Thank you for a bug report. Verified just as described with 4.1.19-BK (ChangeSet@1.2491, 2006-04-01 05:44:10+02:00) on Linux: openxs@suse:~/dbs/4.1> bin/mysql -uroot test Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3 to server version: 4.1.19 Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> create database sample; Query OK, 1 row affected (0.01 sec) mysql> grant all on sample.* to 'sample'@'localhost' identified by 'password'; Query OK, 0 rows affected (0.01 sec) mysql> \q openxs@suse:~/dbs/4.1> bin/mysql -usample -ppassword -A sample; Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 6 to server version: 4.1.19 Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> create database another; ERROR 1044 (42000): Access denied for user 'sample'@'localhost' to database 'another' mysql> create database SAmple; Query OK, 1 row affected (0.00 sec) mysql> show databases; +----------+ | Database | +----------+ | SAmple | | sample | | test | +----------+ 3 rows in set (0.00 sec) I remember very similar bug report, so it can be a duplicate, but I was not able to find it, yet.
[4 May 2006 9:03]
Alexander Barkov
A fix has been commited: http://lists.mysql.com/commits/5927
[7 May 2006 23:28]
Michal Prokopiuk
thank you for solution
[7 Jun 2006 11:31]
Sergey Gluhov
ok to push
[23 Jun 2006 8:55]
Gerald Gruenberger
I found another case linked with this bug: If you have rights on "ab_mydatabase", you can create "ab?mydatabase" too (maybe it's possible to replace every char with the questionmark, but till now only tested and seen with an underscore) I think this is the same bug. OS filesystem feature tricks mysql's rights management. MySQL-Versions: 4.1.20, 4.0.27 Plattform: Linux
[7 Jul 2006 13:01]
Alexander Barkov
Pushed into 4.1.21 Todo: merge into 5.0 and 5.1
[7 Aug 2006 8:18]
Alexander Barkov
Merged into 5.0.25 and 5.1.12.
[9 Aug 2006 14:29]
Jon Stephens
Gerald, That's a separate issue, and is documented behaviour: the underscore acts as a wildcard in an identifier unless the identifier is set off with backticks (`...`). See http://dev.mysql.com/doc/refman/5.0/en/legal-names.html and subsections.
[9 Aug 2006 14:44]
Jon Stephens
Thank you for your bug report. This issue has been committed to our source repository of
that product and will be incorporated into the next release.
If necessary, you can access the source repository and build the latest available
version, including the bug fix. More information about accessing the source trees is
available at
http://dev.mysql.com/doc/en/installing-source.html
Documented in 4.1.21/5.0.25/5.1.12 changelogs.
NOTE: It is *not* recommended to depend on case-sensitivity of identifiers for databases
or tables, since this makes them non-portable to platforms with case-insensitive
filesystems.
[28 Aug 2006 11:53]
Christian Hammers
This bug has been registered at cve.mitre.org, please mention "CVE-2006-4226" in the changelog!
[23 Mar 2007 20:14]
A NE
Will this security fix be pushed to 4.0.x?
