Zen Bastard (jimbojones) wrote,
Zen Bastard
jimbojones

  • Mood:

How does this even happen?

$customer has some of those god awful "control panel" servers... not Plesk, but the same concept. You get the idea. $vendor is forcing him to do a migration, because they no longer support FreeBSD, so they want him to move to CentOS. $customer contracts with $vendor to maintain these things... sorta, mostly, except he's still responsible for maintaining the actual servers. Confused yet? Me too.

But really that's not the confusing part, and the only reason I mention it is because SOMEHOW, I am pretty sure $vendor was responsible for this monstrosity:

mysql> SELECT Host,Db,User,Table_name,Column_name,Timestamp,Column_priv FROM columns_priv ORDER BY Host,Table_name LIMIT 8;
+----------------------------------------------------------------------------------------------------+
| Host       | Db     | User     | Table_name     | Column_name  | Timestamp           | Column_priv |
+------------+--------+----------+----------------+--------------+---------------------+-------------+
| 127.0.0.1  | mysql  | phpuser  | tables_priv    | Host         | 2008-01-11 19:39:35 | Select      |
| 127.0.0.1  | mysql  | phpuser  | tables_priv    | Host         | 2008-06-20 20:03:49 | Select      |
| 127.0.0.1  | mysql  | phpuser  | user           | Host         | 2008-01-11 19:39:35 | Select      |
| 127.0.0.1  | mysql  | phpuser  | user           | Host         | 2008-06-20 20:03:49 | Select      |
| localhost  | mysql  | phpuser  | tables_priv    | Host         | 2008-01-11 19:39:35 | Select      |
| localhost  | mysql  | phpuser  | tables_priv    | Host         | 2008-06-20 20:03:49 | Select      |
| localhost  | mysql  | phpuser  | user           | Host         | 2008-01-11 19:39:35 | Select      |
| localhost  | mysql  | phpuser  | user           | Host         | 2008-06-20 20:03:49 | Select      |
+----------------------------------------------------------------------------------------------------+
8 rows in set (0.00 sec)


That's the columns_priv table in the mysql database. If you didn't already know this, the PRIMARY KEY of the column_priv table is a complex key consisting of Host,Db,User,Table_name,Column_name.

See the problem?

If you think that "localhost" has an extra space on it for half of those or something like that... you're fucking wrong. Those are, I shit you not, DUPLICATE primary keys. For every. Fucking. Row. In. The. Table. The same problem was in the db table.

So, for the two tables that control user permissions for every database on the server... there are primary key duplication violations littered throughout the whole fucking thing. Upshot being, whenever the server needs information about user rights, who knows what the fuck it'll get - it might get one record; it might get another record; it might get no record at all, or the whole goddamn server might catch on fire and melt into slag. Duplicated primary keys are something a SQL server checks for on insertion or update of a record... not on read of a record. In fact, before fixing this, I played around with it a little and discovered all sorts of ways to get wildly different results out of querying these tables because of this. In fact, the only way to fix it was to dump the tables completely and recreate them from scratch, because just trying to delete a row would instantly crash the server.

Anyway, it's all fixed now. But what I keep trying to figure out - and failing - is how the fuck did $vendor get those rows in the database to begin with?!
Tags: alpha geek, wtf
Subscribe

  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your IP address will be recorded 

  • 3 comments