[MDEV-8269] Correct fix for Bug #20181776 :- ACCESS CONTROL DOESN'T MATCH MOST SPECIFIC HOST WHEN IT CONTAINS WILDCARD - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5(EOL), 10.0(EOL), 10.1(EOL), 10.2(EOL)
Fix Version/s: 10.4.6
Component/s: Authentication and Privilege System
Labels:
- upstream

Sprint:
5.5.48-0

Description

According to the manual, for the purpose of account matching for incoming connections user accounts are sorted in the order from most specific (no wildcards), to least specific (only wildcards). This is done in the get_sort() function.

But elements that have wildcards and only differ in the length of the tail are considered equal, that is the order of "%.bar" and "%.foo.bar" is undefined. Same for "www.%.com" and "www.%.host.com". Although in both cases the second host name is more specific and should be sorted first.

There is an attempt of fixing it upstream, but it's very incomplete

Attachments

Issue Links

relates to

MDEV-14732 mysql.db privileges evaluated on order of grants rather than hierarchically

Closed

MDEV-14735 better matching order for grants

Closed

links to

upstream fix

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2015-06-04 16:11

Updated:: 2019-06-17 12:20

Resolved:: 2019-06-17 12:20

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.