1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
select user();
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
def user() 253 77 14 N 1 31 8
user()
root@localhost
create user a17aaaaaaaaaaaaa0@localhost;
ERROR HY000: String 'a17aaaaaaaaaaaaa0' is too long for user name (should be no longer than 16)
alter table mysql.user modify User char(80) binary not null default '';
alter table mysql.db modify User char(80) binary not null default '';
alter table mysql.tables_priv modify User char(80) binary not null default '';
alter table mysql.columns_priv modify User char(80) binary not null default '';
alter table mysql.procs_priv modify User char(80) binary not null default '';
alter table mysql.proc modify definer char(141) collate utf8_bin not null default '';
alter table mysql.event modify definer char(141) collate utf8_bin not null default '';
set global event_scheduler = on;
select user();
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
def user() 253 141 14 N 1 31 8
user()
root@localhost
create user a17aaaaaaaaaaaaa0@localhost;
grant usage on *.* to a17aaaaaaaaaaaaa0@localhost;
grant select on mysql.user to b64bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb0@localhost;
grant select(User) on mysql.tables_priv to c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0@localhost;
select user(), current_user();
user() current_user()
a17aaaaaaaaaaaaa0@localhost a17aaaaaaaaaaaaa0@localhost
show grants;
Grants for a17aaaaaaaaaaaaa0@localhost
GRANT USAGE ON *.* TO 'a17aaaaaaaaaaaaa0'@'localhost'
select user(), current_user();
user() current_user()
b64bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb0@localhost b64bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb0@localhost
show grants;
Grants for b64bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb0@localhost
GRANT USAGE ON *.* TO 'b64bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb0'@'localhost'
GRANT SELECT ON `mysql`.`user` TO 'b64bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb0'@'localhost'
select user,host from mysql.user where user like '%0';
user host
a17aaaaaaaaaaaaa0 localhost
b64bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb0 localhost
c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0 localhost
select user,host from mysql.db;
ERROR 42000: SELECT command denied to user 'b64bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb0'@'localhost' for table 'db'
select user(), current_user();
user() current_user()
c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0@localhost c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0@localhost
show grants;
Grants for c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0@localhost
GRANT USAGE ON *.* TO 'c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0'@'localhost'
GRANT SELECT (User) ON `mysql`.`tables_priv` TO 'c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0'@'localhost'
select user from mysql.tables_priv;
user
b64bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb0
c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0
select user,host from mysql.tables_priv;
ERROR 42000: SELECT command denied to user 'c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0'@'localhost' for column 'host' in table 'tables_priv'
use mtr;
ERROR 42000: Access denied for user 'c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0'@'localhost' to database 'mtr'
drop procedure mtr.add_suppression;
ERROR 42000: alter routine command denied to user 'c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0'@'localhost' for routine 'mtr.add_suppression'
create procedure test.p1() select user(), current_user(), user from mysql.tables_priv;
show create procedure test.p1;
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
p1 CREATE DEFINER=`c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0`@`localhost` PROCEDURE `p1`()
select user(), current_user(), user from mysql.tables_priv latin1 latin1_swedish_ci latin1_swedish_ci
select definer from information_schema.routines;
definer
c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0@localhost
create table test.t1 (a text);
create event e1 on schedule every 1 second
do insert test.t1 values (concat(user(), ' ', current_user()));
select definer from information_schema.events;
definer
c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0@localhost
create view v1 as select * from t1;
select definer from information_schema.views;
definer
c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0@localhost
drop view v1;
create trigger tr1 before delete on t1 for each row set @a:=1;
select definer from information_schema.triggers;
definer
c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0@localhost
drop trigger tr1;
connect(localhost,c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0,foobar,test,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0'@'localhost' (using password: YES)
call test.p1();
user() current_user() user
root@localhost c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0@localhost b64bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb0
root@localhost c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0@localhost c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0
select * from t1 limit 1;
a
event_scheduler@localhost c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0@localhost
grant usage on *.* to d81ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd0@lodalhost;
ERROR HY000: String 'd81ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd' is too long for user name (should be no longer than 80)
drop user d81ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd0@lodalhost;
ERROR HY000: String 'd81ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd' is too long for user name (should be no longer than 80)
drop user c80cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc0@localhost;
drop user b64bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb0@localhost;
drop user a17aaaaaaaaaaaaa0@localhost;
set global event_scheduler = off;
drop event e1;
drop procedure test.p1;
drop table t1;
alter table mysql.user modify User char(16) binary not null default '';
alter table mysql.db modify User char(16) binary not null default '';
alter table mysql.tables_priv modify User char(16) binary not null default '';
alter table mysql.columns_priv modify User char(16) binary not null default '';
alter table mysql.procs_priv modify User char(16) binary not null default '';
alter table mysql.proc modify definer char(77) collate utf8_bin not null default '';
alter table mysql.event modify definer char(77) collate utf8_bin not null default '';
flush privileges;
select user();
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
def user() 253 77 14 N 1 31 8
user()
root@localhost
|
