Hi all,
Due to the severe security issue released last week for mysql, we had to
upgrade all our 3.22.32 servers to the latest 3.23 release.
However, this introduced us to some problems across several of our 80+ DB
servers:
1. Weird resolve issues:
<Host A> tries to connect to <Host B>
<Host B> replies saying that <User>@<Host C> is not allowed to
connect
<Host C> is a CNAME record which resolves to <Host A>
Some sort of weird resolver issue on mysql's part? The weirdest
part of this all is that neither a 'FLUSH HOSTS' or a restart of
the mysql daemon clears the problem which I would assume it
should. The temporary fix for me was to copy the grants for
<Host A> to <Host C> in the privilege tables on <Host B>.
2. Grant system design change?
The order by which the Privilege System uses seems to have changed
so that the following happens:
%.foo.bar.com has SELECT on mysql.*
%.bar.com has UPDATE on mysql.*
With 3.22.X, jdoe.foo.bar.com would have SELECT on the mysql DB
With 3.23.X, jdoe.foo.bar.com would have UPDATE on the mysql DB
I'm assuming this is a design feature and not a bug, this is
merely a heads up if this is not the case.
I checked through a bunch of CHANGELOGs, but didn't have time to
sift through them all.
For reference: This "problem" also appeared on hosts that were
upgraded from 3.23.38 -> 3.23.54.
LEGEND:
FreeBSD 3.2 and 4.[245]
mysql 3.23.54
Regards,
Atle
-
Flying Crocodile Inc, Unix Systems Administrator
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
