• Sujatha Sivakumar's avatar
    Bug#11746817:MYSQL_INSTALL_DB CREATES WILDCARD GRANTS WHEN · a6a469b4
    Sujatha Sivakumar authored
    HOST HAS '_' IN THE HOSTNAME
    
    Problem:
    =======
    '_' and '%' are treated as a wildcards by the ACL code and
    this is documented in the manual. The problem with
    mysql_install_db is that it does not take this into account
    when creating the initial GRANT tables:
    
    --- cut ---
    REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y',
    'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',
    'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',
    0,0,0,0 FROM dual WHERE LOWER( @current_hostname) != 'localhost';
    --- cut ---
    
    If @current_hostname contains any wildcard characters, then 
    a wildcard entry will be defined for the 'root' user, 
    which is a flaw.
    
    Analysis:
    ========
    As per the bug description when we have a hostname with a
    wildcard character in it, it allows clients from several other
    hosts with similar name pattern to connect to the server as root.
    For example, if the hostname is like 'host_.com' then the same
    name is logged in mysql.user table. This allows 'root' users
    from other hosts like 'host1.com', 'host2.com' ... to connect
    to the server as root user.
    
    While creating the intial GRANT tables we do not have a check
    for wildcard characters in hostname.
    
    Fix:
    ===
    As part of fix escape character "\" is added before wildcard
    character to make it a plain character, so that the one and
    only host with the exact name will be able to connect to the
    server.
    
    scripts/mysql_system_tables_data.sql:
      while creating default users get the hostname and
      replace the wildcard characters within the hostname after
      escaping them.
    a6a469b4
mysql_system_tables_data.sql 2.83 KB