Description:
Any user in mysql can create as many databases as he wants.
Create a user with 1 database, and let him create database with name
"my_data_base". Log into mysql console as user and run command:
CREATE DATABASE "my?data?base";
New database will be created and user can create tables and use it as normal
database. You can also create "my?data_base", "my_data?base", or try
to use *,$, #, a-z, A-Z.... and other symbols instead of underlines "_" ...
I've just tried to log into MySQL console as usual non-privileged user with
N,N,N,N... permissions in "mysql.user" and tried to create some base with
another names -- no permissons error. However I COULD create 5 databases
with names similar to "my_data_base"... I can operate them (as this user) without
problems. Seems like huge hole in our MySQL (or MySQL at all).
>How-To-Repeat:
>Fix:
>Submitter-Id: <submitter ID>
>Originator:
Organization: Plesk Inc,
>
>MySQL support: [none | licence | email support | extended email support ]
Synopsis: Any user in mysql can create as many databases as he wants.
Severity: critical
Priority: high
Category: mysql
>Class:
Release: mysql-3.23.46 (Source distribution)
>Environment:
System: Linux abe.plesk.ru 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown
Architecture: i686
Some paths: /usr/bin/perl /usr/bin/make /usr/bin/gmake /usr/bin/gcc /usr/bin/cc
GCC: Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-98)
Compilation info: CC='gcc' CFLAGS='-O2 -march=i386 -mcpu=i586 -fPIC' CXX='c++'
CXXFLAGS=' -O2 -march=i386 -mcpu=i586 -fPIC' LDFLAGS=''
LIBC:
lrwxrwxrwx 1 root root 13 áÐÒ 18 21:36 /lib/libc.so.6 -> libc-2.2.4.so
-rwxr-xr-x 1 root root 1282588 óÅÎ 5 2001 /lib/libc-2.2.4.so
-rw-r--r-- 1 root root 27304836 óÅÎ 5 2001 /usr/lib/libc.a
-rw-r--r-- 1 root root 178 óÅÎ 5 2001 /usr/lib/libc.so
lrwxrwxrwx 1 root root 10 éÀÌ 23 23:58 /usr/lib/libc-client.a ->
c-client.a
Configure command: ./configure --without-x --disable-assembler --disable-shared
--enable-large-files --without-perl --without-debug --without-bench --without-docs
--with-readline --with-mysqld-user=mysql --with-low-memory
--prefix=/usr/local/psa/mysql --with-named-curses-libs=/usr/lib/libncurses.a
--with-named-z-libs=/usr/lib/libz.a
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
