Bug #47843 | executing procedure fails for grants involving db with 'test' in the name | ||
---|---|---|---|
Submitted: | 6 Oct 2009 1:49 | Modified: | 12 Oct 2009 22:07 |
Reporter: | Jacek Becla | Email Updates: | |
Status: | Not a Bug | Impact on me: | |
Category: | MySQL Server: Security: Privileges | Severity: | S3 (Non-critical) |
Version: | 5.1.37, 5.0, 5.1, next bzr | OS: | Linux |
Assigned to: | CPU Architecture: | Any |
[6 Oct 2009 1:49]
Jacek Becla
[6 Oct 2009 4:05]
Valeriy Kravchuk
Thank you for the problem report. Please, send the results of: select host, db, user from mysql.db;
[6 Oct 2009 4:36]
Jacek Becla
mysql> select host, db, user from mysql.db; +------+---------+-------+ | host | db | user | +------+---------+-------+ | % | test | | | % | test% | uTest | | % | test\_% | | | % | tst% | uTst | +------+---------+-------+ 4 rows in set (0.00 sec)
[6 Oct 2009 6:51]
Sveta Smirnova
Thank you for the report. Verified as described. This can be treated as not a bug, because test% databases allows anonymous access and this leads to behavior which treat user uTest as anonymous user without EXECUTE privilege, but this still looks inconsistent.
[6 Oct 2009 18:26]
Jacek Becla
Right, this command will fix the problem: update db set Execute_priv = 'Y' where Db = 'test' or Db = 'test\_%'; flush privileges; (but this behaviour is pretty confusing, so it'd be worthwhile fixing)
[12 Oct 2009 22:07]
Omer Barnir
This is not a bug - test databases are predefined in the system as mentioned above. If one want's them to \behave' as any other database names, the extra permissions need to be removed.