>Description:
A user who would not otherwise have permission to create a database can create a database which contains a "?" character, when the wildcard matches an existing database that the user has permission to access.

Example: if test_db exists, any user with permission to access test_db seems to be permitted to create "test?db" regardless of permissions. It seems like MySQL is interpreting the "?" character strangely when verifying permission to create a database. I can only reproduce this problem when "?" replaces "_", for example "test?db" but not "tes?_db".

>How-To-Repeat:
As super-user:

create database test_db;
use mysql;
insert into user values ('%','testuser',PASSWORD('123456'),
  'N','N','N','N','N','N','N','N','N','N','N','N','N','N');
insert into db values ('%','test_db','testuser','Y','Y','Y','Y','Y','Y','N','N','Y','Y');
flush privileges;

As testuser:

create database `mytestdatabase`;
# the above command fails (as it should) with permission denied
create database `test?db`;
# the above command succeeds, and creates a database called "test?db"

>Fix:

>Submitter-Id: <submitter ID>
>Originator: [EMAIL PROTECTED]
>Organization:
>MySQL support: none
>Synopsis: database names containing '?' bypass permissions
>Severity: non-critical
>Priority: low
>Category: mysql
>Class: sw-bug
>Release: mysql-3.23.52 (Source distribution)
>Environment:
System: FreeBSD serv20.tierra.net 3.4-RELEASE FreeBSD 3.4-RELEASE #1: Thu Jan 4 10:59:48 PST 2001 [EMAIL PROTECTED]:/usr/src/sys/compile/TIERRANET i386
Some paths: /usr/bin/perl /usr/bin/make /usr/bin/gcc /usr/bin/cc
GCC: gcc version 2.7.2.3
Compilation info: CC='gcc' CFLAGS='' CXX='g++' CXXFLAGS='' LDFLAGS=''
LIBC:
-r--r--r-- 1 root wheel 1051788 Dec 19 1999 /usr/lib/libc.a
lrwxrwxrwx 1 root wheel 9 May 13 2000 /usr/lib/libc.so -> libc.so.3
-r--r--r-- 1 root wheel 520040 Dec 19 1999 /usr/lib/libc.so.3
Configure command: ./configure -with-native-thread-libs=-lc-r --prefix=/usr/local
Perl: This is perl, version 5.005_03 built for i386-freebsd
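Added example, not part of the bug report above and not MySQL's own code: a small simulation of the matching rule behind the report's observation. The assumption it encodes is MySQL's documented behaviour for database-level grants, where the Db column of the db table is treated as a LIKE-style pattern ('_' matches exactly one character, '%' any run of characters, and a backslash makes the next character literal). Under that rule the row for test_db also matches test?db (and testXdb for any X), while tes?_db is not matched, which is what the reporter saw. The can_create() helper, the row layout and the sample rows are constructed for the example; the host-matching step is ignored.

```python
# Added example (not from the bug report): simulate a db-table row whose Db
# column is matched as a LIKE-style pattern against a requested database name.
# Assumption (documented MySQL behaviour for database-level grants):
#   '_' matches exactly one character, '%' matches any run of characters,
#   and '\' escapes the following character so it is matched literally.

def like_match(pattern: str, name: str) -> bool:
    """Return True if `name` matches the LIKE-style `pattern`."""
    def rec(pi: int, ni: int) -> bool:
        while pi < len(pattern):
            c = pattern[pi]
            if c == '\\' and pi + 1 < len(pattern):
                # escaped character: must match literally
                if ni >= len(name) or name[ni] != pattern[pi + 1]:
                    return False
                pi += 2
                ni += 1
            elif c == '_':
                # single-character wildcard: consumes any one character
                if ni >= len(name):
                    return False
                pi += 1
                ni += 1
            elif c == '%':
                # multi-character wildcard: try every possible split
                return any(rec(pi + 1, k) for k in range(ni, len(name) + 1))
            else:
                if ni >= len(name) or name[ni] != c:
                    return False
                pi += 1
                ni += 1
        return ni == len(name)
    return rec(0, 0)


# Constructed sample rows, reduced to the columns this example needs.
# UNESCAPED_ROW is the row the report inserts; ESCAPED_ROW is the same grant
# with the underscore escaped so it applies to test_db only.
UNESCAPED_ROW = {"Host": "%", "Db": "test_db", "User": "testuser", "Create_priv": "Y"}
ESCAPED_ROW = {"Host": "%", "Db": "test\\_db", "User": "testuser", "Create_priv": "Y"}


def can_create(rows, user: str, dbname: str) -> bool:
    """Hypothetical CREATE DATABASE check (not MySQL's code): the first row
    for this user whose Db pattern matches the requested name decides;
    no matching row means the request is denied."""
    for row in rows:
        if row["User"] == user and like_match(row["Db"], dbname):
            return row["Create_priv"] == "Y"
    return False


if __name__ == "__main__":
    for name in ("test_db", "test?db", "testXdb", "tes?_db", "mytestdatabase"):
        print(f"{name:15} unescaped grant: {can_create([UNESCAPED_ROW], 'testuser', name)!s:5} "
              f"escaped grant: {can_create([ESCAPED_ROW], 'testuser', name)}")
```

The practical check this suggests for any grant table: search the Db column for unescaped '_' or '%' and confirm each one is meant as a wildcard; a literal underscore in a database name should be stored as '\_' so the grant does not silently cover every name that differs in that one position.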