
[cobalt-users] mysql bug which gives users access to create databases etc.



Hi,
Can anyone else verify this?
I came across a bug in MySQL:
$ mysql -V
mysql  Ver 11.15 Distrib 3.23.37, for pc-linux-gnu (i686)

If a user has an _ (underscore) in their username, then this user can
modify (add, delete, select etc.) in all databases where the username is
the same as the user with the _ (it works as a wildcard).

E.g. user site_2 can access his own database db_2 but he can also access
user site22's database db22.
If the database doesn't exist, then the user can create it (both as
user_2 and as any other userX2 - where X can be anything).

Is this bug known and does it only apply to the Raq version of MySQL? 



-- 
Kim Schulz - Freelance Development | When a fly lands on the ceiling,
Email      : kim @ schulz.dk       | does it do a half roll or a half
Tlf        : 51904262              | loop?
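
An audit sketch for the behaviour reported above, added here and not part of the original post. It assumes the cause is MySQL reading an unescaped _ or % in the database name of a database-level grant as a LIKE wildcard (written \_ or \% when meant literally). The grant rows, database list and function names are constructed for illustration.

```python
import re

def like_to_regex(pattern):
    # Assumption: unescaped _ matches one character and unescaped % any run;
    # a backslash makes the following character literal.
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        if ch == "_":
            out.append(".")
        elif ch == "%":
            out.append(".*")
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out) + r"\Z", re.DOTALL)

def literal_name(pattern):
    # The database name the pattern denotes when read without wildcards.
    return re.sub(r"\\(.)", r"\1", pattern)

def escape_db_name(name):
    # Escape _ and % so a grant covers exactly this database name.
    return re.sub(r"([_%])", r"\\\1", name)

def audit(grants, databases):
    # Map (user, pattern) to the other databases that grant also covers.
    findings = {}
    for user, pattern in grants:
        rx = like_to_regex(pattern)
        extra = sorted(d for d in databases
                       if rx.match(d) and d != literal_name(pattern))
        if extra:
            findings[(user, pattern)] = extra
    return findings

# Constructed sample data using the names from the post.
GRANTS = [("site_2", "db_2"), ("site22", "db22"), ("site_3", r"db\_3")]
DATABASES = ["db_2", "db22", "dbx2", "db_3", "db33"]

if __name__ == "__main__":
    for (user, pattern), extra in audit(GRANTS, DATABASES).items():
        print(f"{user}: grant on {pattern!r} also covers {extra}; "
              f"use {escape_db_name(literal_name(pattern))!r}")
```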