-
Sujatha Sivakumar authored
HOST HAS '_' IN THE HOSTNAME Problem: ======= '_' and '%' are treated as a wildcards by the ACL code and this is documented in the manual. The problem with mysql_install_db is that it does not take this into account when creating the initial GRANT tables: --- cut --- REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y', 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y', 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','', 0,0,0,0 FROM dual WHERE LOWER( @current_hostname) != 'localhost'; --- cut --- If @current_hostname contains any wildcard characters, then a wildcard entry will be defined for the 'root' user, which is a flaw. Analysis: ======== As per the bug description when we have a hostname with a wildcard character in it, it allows clients from several other hosts with similar name pattern to connect to the server as root. For example, if the hostname is like 'host_.com' then the same name is logged in mysql.user table. This allows 'root' users from other hosts like 'host1.com', 'host2.com' ... to connect to the server as root user. While creating the intial GRANT tables we do not have a check for wildcard characters in hostname. Fix: === As part of fix escape character "\" is added before wildcard character to make it a plain character, so that the one and only host with the exact name will be able to connect to the server.
bda79b05