Bug #52388 Create database with "?" without privileges
Submitted: 26 Mar 2010 10:15 Modified: 26 Mar 2010 10:25
Reporter: Pavel Ondrej
Status: Not a Bug
Category: MySQL Server: Security: Privileges
Severity: S1 (Critical)
Version: 5.1.35 and lower
OS: Any
Assigned to:
CPU Architecture: Any
Tags: create, privileges

[26 Mar 2010 10:15] Pavel Ondrej
Description:
Hello,

I have a problem. My users, which have the CREATE privilege only for one or more databases (not global), can create a database. But only if the database where the user has the privilege contains the character "_", and the new database name uses "?" instead of "_".

How to repeat:
Create a user without global privileges.

CREATE DATABASE TES_T

GRANT ALL PRIVILEGES ON `tes_t`.* TO 'YOUR_USER'@'localhost'

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema | 
| p-en_cz_           | 
+--------------------+
2 rows in set (0.02 sec)

+--------------------------------------+
|    !!!!HERE IS THE PROBLEM!!!!       |
+--------------------------------------+
| mysql> create database `p-en?cz?`;   |
| Query OK, 1 row affected (0.00 sec)  |
+--------------------------------------+

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema | 
| p-en?cz?           | 
| p-en_cz_           | 
+--------------------+
3 rows in set (0.01 sec)

----- If I add another "?" where there isn't a "_", I can't create the db. -->

mysql> create database `p-en?c??`;
ERROR 1044 (42000): Access denied for user 'p-en_cz'@'%' to database 'p-en?c??'
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema | 
| p-en?cz?           | 
| p-en_cz_           | 
+--------------------+
3 rows in set (0.01 sec)

mysql> drop database `p-en?cz?`;
Query OK, 0 rows affected (0.00 sec)
[26 Mar 2010 10:25] Sveta Smirnova
Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://dev.mysql.com/doc/ and the instructions on how to report a bug at http://bugs.mysql.com/how-to-report.php

Please read at http://dev.mysql.com/doc/refman/5.1/en/grant.html:

"Note: the ‘_’ and ‘%’ wildcards are allowed when specifying database names in GRANT statements that grant privileges at the global or database levels. This means, for example, that if you want to use a ‘_’ character as part of a database name, you should specify it as ‘\_’ in the GRANT statement, to prevent the user from being able to access additional databases matching the wildcard pattern; for example, GRANT ... ON `foo\_bar`.* TO ...."
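The wildcard rule quoted above is exactly what makes `p-en?cz?` match the grant pattern `p-en_cz_` (each `_` matches any single character, here `?`) while `p-en?c??` does not (the `z` in the pattern is a literal and does not match `?`). The following Python is an added example, not code from the bug report, from MySQL, or from the manual: it models the `_` / `%` / `\` matching rules the manual describes, replays the reporter's three database names against a constructed copy of mysql.db rows, and flags grants whose Db pattern was never escaped. The row data, the function names and the treatment of case (no lower_case_table_names folding) are assumptions of the example, not facts from the page.

```python
# Added example (not from the bug report or the MySQL source): a model of how a
# database-level grant's Db pattern is matched against a database name, plus an
# audit helper that flags grants whose patterns still contain live wildcards.
# Assumptions: '_' matches exactly one character, '%' matches any run of
# characters, '\' makes the next character literal (the GRANT rules quoted
# from the manual); case folding via lower_case_table_names is not modelled.

from typing import List, Tuple

# Constructed rows in the shape of mysql.db (Host, Db, User); not real data.
GRANTS: List[Tuple[str, str, str]] = [
    ("localhost", "tes_t",       "YOUR_USER"),    # report's GRANT: "_" is a wildcard
    ("%",         "p-en_cz_",    "p-en_cz"),      # pattern behind the report's user
    ("localhost", "tes\\_t",     "careful_user"), # escaped as the manual recommends
]


def wild_match(pattern: str, name: str) -> bool:
    """True if `name` matches the GRANT-style pattern `pattern`."""
    if not pattern:
        return not name
    head, rest = pattern[0], pattern[1:]
    if head == "\\" and rest:                      # '\x' matches a literal x
        return bool(name) and name[0] == rest[0] and wild_match(rest[1:], name[1:])
    if head == "_":                                # exactly one character
        return bool(name) and wild_match(rest, name[1:])
    if head == "%":                                # zero or more characters
        return any(wild_match(rest, name[i:]) for i in range(len(name) + 1))
    return bool(name) and name[0] == head and wild_match(rest, name[1:])


def matching_grants(rows, user: str, db: str) -> List[str]:
    """Db patterns from `rows` that give `user` database-level rights on `db`."""
    return [pat for _host, pat, usr in rows if usr == user and wild_match(pat, db)]


def unescaped_wildcards(pattern: str) -> List[int]:
    """Positions of '_' or '%' in a Db pattern that are not escaped by '\\'."""
    hits, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\":
            i += 2                                 # skip the escaped character
            continue
        if pattern[i] in "_%":
            hits.append(i)
        i += 1
    return hits


def audit_grants(rows) -> List[Tuple[str, str, str]]:
    """Rows whose Db pattern still contains live wildcards (candidates to fix)."""
    return [row for row in rows if unescaped_wildcards(row[1])]


def escape_db(name: str) -> str:
    """Escape a literal database name for use in GRANT ... ON `name`.* ."""
    return name.replace("\\", "\\\\").replace("_", "\\_").replace("%", "\\%")


if __name__ == "__main__":
    user = "p-en_cz"
    for candidate in ("p-en?cz?", "p-en?c??", "p-en_cz_"):
        print(candidate, "->", matching_grants(GRANTS, user, candidate))
    print("grants with live wildcards:", audit_grants(GRANTS))
    print("GRANT ALL PRIVILEGES ON `%s`.* TO 'p-en_cz'@'%%';" % escape_db("p-en_cz_"))
```

The practical fix is the one in the quoted manual text: grant on `tes\_t`.* rather than `tes_t`.*, and review existing grants (SHOW GRANTS for each account, or the Db column of mysql.db) for patterns that still contain a bare `_` or `%`, since each such grant lets the account create and use every database name the pattern matches.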