Bug #28354 MA doesn't escape underscore in db name when granting privileges
Submitted: 10 May 2007 15:06
Modified: 12 Feb 2009 14:08
Reporter: Victoria Reznichenko
Status: Unsupported
Category: MySQL Administrator
Severity: S2 (Serious)
Version: 1.2.11
OS: Linux
Assigned to:
CPU Architecture: Any

[10 May 2007 15:06] Victoria Reznichenko
Description:
MA on Linux doesn't escape underscore in database name and thus it becomes a 'wildcard' in privilege tables.

This is a snippet from the general query log after granting the SELECT privilege for user victoria@localhost on the database 'name_db':

                      1 Query       UPDATE mysql.user SET Select_priv='N', Insert_priv='N', Update_priv='N', Delete_priv='N', Create_priv='N', Drop_priv='N', Reload_priv='N', Shutdown_priv='N', Process_priv='N', File_priv='N', Grant_priv='N', References_priv='N', Index_priv='N', Alter_priv='N', Show_db_priv='N', Super_priv='N', Create_tmp_table_priv='N', Lock_tables_priv='N', Execute_priv='N', Repl_slave_priv='N', Repl_client_priv='N', Create_view_priv='N', Show_view_priv='N', Create_routine_priv='N', Alter_routine_priv='N', max_questions='0', max_updates='0', max_connections='0', max_user_connections='0' WHERE User='victoria' AND Host='localhost'
                      1 Query       INSERT INTO mysql.db(User, Host, Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv, Create_view_priv, Show_view_priv, Create_routine_priv, Alter_routine_priv, Execute_priv) VALUES('victoria', 'localhost', 'name_db', 'Y', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N')

As you can see, the database name is not escaped.

This works fine on Windows:

		      2 Query       UPDATE mysql.user SET Select_priv='N', Insert_priv='N', Update_priv='N', Delete_priv='N', Create_priv='N', Drop_priv='N', Reload_priv='N', Shutdown_priv='N', Process_priv='N', File_priv='N', Grant_priv='N', References_priv='N', Index_priv='N', Alter_priv='N', Show_db_priv='N', Super_priv='N', Create_tmp_table_priv='N', Lock_tables_priv='N', Execute_priv='N', Repl_slave_priv='N', Repl_client_priv='N', Create_view_priv='N', Show_view_priv='N', Create_routine_priv='N', Alter_routine_priv='N', max_questions='0', max_updates='0', max_connections='0', max_user_connections='0' WHERE User='victoria' AND Host='localhost'
		      2 Query       INSERT INTO mysql.db(User, Host, Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv, Create_view_priv, Show_view_priv, Create_routine_priv, Alter_routine_priv, Execute_priv) VALUES('victoria', 'localhost', 'name\\_db', 'Y', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N')

How to repeat:
1. Create a database with an underscore in its name, for example 'name_db'.
2. Create a user and grant any privilege at the database level for this user on database name_db.
3. Apply changes.
4. Check the SHOW GRANTS output (or the general query log).
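
An added example, not part of the original report or of MySQL Administrator: a small audit that interprets `mysql.db` `Db` values the way database-level grants do (unescaped `_` matches any one character, `%` any run, backslash escapes) and flags rows that reach more databases than the one named. The function names, the database list and the case-sensitive comparison are assumptions; the two rows mirror the Linux and Windows log entries above.

```python
import re

def escape_db_name(name):
    """Escape the grant wildcards so the Db value matches this name only."""
    return name.replace("_", "\\_").replace("%", "\\%")

def grant_pattern_to_regex(pattern):
    """Translate a mysql.db Db value into a regex for whole-name matching.
    Assumption: names are compared case-sensitively."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))  # escaped char is literal
            i += 2
            continue
        out.append("." if c == "_" else ".*" if c == "%" else re.escape(c))
        i += 1
    return re.compile("".join(out), re.DOTALL)

def matched_databases(pattern, databases):
    """Databases on the server that a Db value actually covers."""
    rx = grant_pattern_to_regex(pattern)
    return [d for d in databases if rx.fullmatch(d)]

def audit(rows, databases):
    """Return (user, host, db_value, extra) for every row whose Db value
    covers databases other than the one it literally names."""
    findings = []
    for user, host, db in rows:
        literal = re.sub(r"\\(.)", r"\1", db)  # the name with escapes removed
        extra = [d for d in matched_databases(db, databases) if d != literal]
        if extra:
            findings.append((user, host, db, extra))
    return findings

# Constructed sample data: the Db values are the ones stored by the two
# INSERT statements in the report; the database list is made up.
ROWS = [
    ("victoria", "localhost", "name_db"),     # Linux client, unescaped
    ("victoria", "localhost", "name\\_db"),   # Windows client, escaped
]
DATABASES = ["name_db", "nameXdb", "name1db", "names_db"]

if __name__ == "__main__":
    for user, host, db, extra in audit(ROWS, DATABASES):
        print(f"{user}@{host}: Db={db!r} also covers {extra}; "
              f"use {escape_db_name(db)!r} instead")
```
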

[12 Feb 2009 14:08] Susanne Ebrecht
Many thanks for writing a bug report.
We are in the process of implementing the whole functionality of MySQL Administrator in MySQL Workbench.
Unfortunately you are using an unsupported platform.

For more details about supported platforms please read here:

http://www.mysql.com/support/supportedplatforms/tools.html