Description
The last two changes in MySQL 5.1 scripts/mysql_system_tables_data.sql depend on @current_hostname, which is set at the beginning of the script:
revno: 4059
revision-id: venkata.sidagam@oracle.com-20131031173244-9vf8hy0y4jepgkcj
parent: balasubramanian.kandasamy@oracle.com-20131030030707-3qurl7q3l0qb8afc
committer: Venkata Sidagam <venkata.sidagam@oracle.com>
branch nick: 5.1
timestamp: Thu 2013-10-31 23:02:44 +0530
message:
Bug #12917164 DROP USER CAN'T DROP USERS WITH LEGACY
UPPER CASE HOST NAME ANYMORE
Description:
It is not possible to drop users with host names with upper case
letters in them, i.e. DROP USER 'root'@'Tmp_Host_Name'; is failing
with error.
Analysis: Since the fix 11748570 we came up with lower case hostnames
as standard. But in the current bug the hostname created by the
mysql_install_db script still has upper case letters.
So, if we have the hostname with upper case letters like (Tmp_Host_Name)
then it is stored as it is in the mysql.user table.
In this case if we use "DROP USER 'root'@'Tmp_Host_Name';" it gives
an error because we compare with the lower case of the hostname since the
11748570 fix.
Fix: We need to convert the hostname to lower case before storing into
the mysql.user table when we run the mysql_install_db script.
revno: 3953
revision-id: sujatha.sivakumar@oracle.com-20130219090111-98apjsj6myi5yrm1
parent: harin.vadodaria@oracle.com-20130219064731-ggrchazff766r4gu
committer: Sujatha Sivakumar <sujatha.sivakumar@oracle.com>
branch nick: Bug11746817_mysql-5.1
timestamp: Tue 2013-02-19 14:31:11 +0530
message:
Bug#11746817:MYSQL_INSTALL_DB CREATES WILDCARD GRANTS WHEN HOST
HAS '_' IN THE HOSTNAME
Problem:
=======
'_' and '%' are treated as wildcards by the ACL code and this is
documented in the manual. The problem with mysql_install_db is that
it does not take this into account when creating the initial GRANT
tables:
--- cut ---
REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y',
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',
0,0,0,0 FROM dual WHERE LOWER( @current_hostname) != 'localhost';
--- cut ---
If @current_hostname contains any wildcard characters, then a
wildcard entry will be defined for the 'root' user, which is a flaw.
Analysis:
========
As per the bug description when we have a hostname with a wildcard
character in it, it allows clients from several other hosts with
similar name pattern to connect to the server as root. For example,
if the hostname is like 'host_.com' then the same name is logged in
mysql.user table. This allows 'root' users from other hosts like
'host1.com', 'host2.com' ... to connect to the server as root user.
While creating the initial GRANT tables we do not have a check for
wildcard characters in hostname.
Fix:
===
As part of fix escape character "\" is added before wildcard
character to make it a plain character, so that the one and only
host with the exact name will be able to connect to the server.
@current_hostname is set to @@hostname converted to lower case (for #12917164, a.k.a. http://bugs.mysql.com/bug.php?id=62255) and with special symbols escaped (for #11746817). Later this variable is used for creating users in mysql.user.
It went as is to MariaDB 5.1, but in MariaDB 5.2 the variable @current_hostname is still reset to the initial @@hostname (as it used to be before the changes), so the modifications to the hostname get lost.
revision-id: sergii@pisem.net-20140316125944-vcz27criv3mboxo1 date: 2014-03-16 13:59:44 +0100 build-date: 2014-03-19 04:02:43 +0400 revno: 3230 branch-nick: 5.2
revision-id: sergii@pisem.net-20140316200301-s6v5h1t6d9feqwo9 date: 2014-03-16 21:03:01 +0100 build-date: 2014-03-19 04:03:03 +0400 revno: 3773 branch-nick: 5.3
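The effect of losing the normalization can be checked offline. The following is an added example, not code from MySQL or MariaDB: it models grant-table Host matching in simplified form ('_' matches one character, '%' any run, a backslash makes the next character literal, comparison is case-insensitive) and audits Host values for the two conditions the commits address. The function names and the sample rows are assumptions constructed for illustration.

```python
import re

def host_pattern_to_regex(pattern):
    """Translate a grant-table Host value into a regex (simplified model)."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            # Escaped character: always literal, even if it is '_' or '%'.
            out.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        out.append("." if ch == "_" else ".*" if ch == "%" else re.escape(ch))
        i += 1
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)

def host_matches(pattern, client_host):
    """True if client_host is accepted by the stored Host pattern."""
    return host_pattern_to_regex(pattern).fullmatch(client_host) is not None

def normalize_hostname(hostname):
    """Lower-case and escape wildcards, as the two commit messages describe."""
    return hostname.lower().replace("_", "\\_").replace("%", "\\%")

def audit_hosts(rows):
    """Flag (user, host) rows whose Host has unescaped wildcards or upper case.
    A flagged wildcard may be intentional; the result is a review list."""
    findings = []
    for user, host in rows:
        problems = []
        if re.search(r"(?<!\\)[_%]", host):
            problems.append("unescaped wildcard")
        if host != host.lower():
            problems.append("upper case")
        if problems:
            findings.append((user, host, problems))
    return findings

# Constructed sample of (User, Host) pairs as they might appear in mysql.user.
ROWS = [("root", "localhost"), ("root", "host_.com"),
        ("root", "Tmp_Host_Name"), ("root", "host\\_.com")]

if __name__ == "__main__":
    print(host_matches("host_.com", "host1.com"))                      # raw hostname
    print(host_matches(normalize_hostname("host_.com"), "host1.com"))  # normalized
    for finding in audit_hosts(ROWS):
        print(finding)
```

On a live server the rows would come from `SELECT User, Host FROM mysql.user`.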
Issue Links
- blocks
- MDEV-670 LP:1002402 - mysql_install_db still creates users with case sensitive hostname
- Closed