Bug #18693 Unauthorized user can create database with a name starting by "test_"
Submitted: 31 Mar 2006 16:00 Modified: 31 Mar 2006 18:41
Reporter: Jerome Delamarche Email Updates:
Status: Can't repeat Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:5.0.18 OS:Linux (Linux RH/CentOS4)
Assigned to: CPU Architecture:Any

[31 Mar 2006 16:00] Jerome Delamarche
Description:
Any user can create databases which name starts by "test_".

How to repeat:
mysql> grant select on *.* to joe@localhost identified by 'joe';

Then connect as "joe" with password "joe".

The following SQL commands fail:
mysql> create database db;
mysql> creae database test;

The followin SQL commands succeed:
mysql> create database test_a;
mysql> drop database test_a;

joe can create as many wanted DB..... !!!
[31 Mar 2006 18:41] MySQL Verification Team
Thank you for the bug report. Testing against a latest source server
I was unable to repeat that behavior:

miguel@hegel:~/dbs/5.0> bin/mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 5.0.21-debug

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> grant select on *.* to joe@localhost identified by 'joe';
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye
miguel@hegel:~/dbs/5.0> bin/mysql -ujoe -pjoe
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5 to server version: 5.0.21-debug

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database db;
ERROR 1044 (42000): Access denied for user 'joe'@'localhost' to database 'db'
mysql> create database test_a;
ERROR 1044 (42000): Access denied for user 'joe'@'localhost' to database 'test_a'
mysql>