Some standard calls show server installation directory to regular users [CORE1845] #2274

Closed
firebird-issue-importer opened this issue Apr 17, 2008 · 18 comments

Comments

@firebird-issue-importer

Submitted by: @AlexPeshkoff

Is related to QA216

In order to avoid extra security risks, details are given in a restricted comment.

Commits: 31af3c8 ed638ce

@firebird-issue-importer firebird-issue-importer commented Apr 17, 2008

Commented by: @AlexPeshkoff

Using the standard information items isc_info_svc_get_env, isc_info_svc_get_env_lock & isc_info_svc_get_env_msg, one can get information about the location of the appropriate objects having a regular login on the Firebird server.
This should be restricted to SYSDBA-only use.

@firebird-issue-importer firebird-issue-importer commented Apr 17, 2008

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer firebird-issue-importer commented Apr 17, 2008

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Open [ 1 ]

Target: 2.5 Alpha 1, 2.1.1, 1.5.6, 2.0.5 [ 10224, 10223, 10225, 10222 ]

@firebird-issue-importer firebird-issue-importer commented Apr 17, 2008

Modified by: @AlexPeshkoff

Fix Version: 2.5 Alpha 1 [ 10224 ]

@firebird-issue-importer firebird-issue-importer commented May 6, 2008

Modified by: @AlexPeshkoff

Fix Version: 2.1.1 [ 10223 ]

@firebird-issue-importer firebird-issue-importer commented May 8, 2008

Commented by: @dyemanov

Alex, I'm not sure it's worth backporting into v2.0 and v1.5. Your security patches for the service manager are committed into v2.1 only and this ticket just adds one more check there. This change alone won't make the service manager secure in old FB versions. And I don't think we should backport the whole batch of changes.

@firebird-issue-importer firebird-issue-importer commented May 8, 2008

Commented by: @AlexPeshkoff

Dmitry, agreed here. It's really useless.

@firebird-issue-importer firebird-issue-importer commented May 8, 2008

Modified by: @AlexPeshkoff

Target: 2.5 Alpha 1, 2.1.1, 1.5.6, 2.0.5 [ 10224, 10223, 10225, 10222 ] => 2.1.1, 2.5 Alpha 1 [ 10223, 10224 ]

status: Open [ 1 ] => Open [ 1 ]

@firebird-issue-importer firebird-issue-importer commented May 8, 2008

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-issue-importer firebird-issue-importer commented Jul 28, 2008

Commented by: Volker Rehn (vr2_s18)

Some apps require a list of aliases. With customer-side installations, the sysdba pw is often unknown to deployers. A workaround could be to allow the DBO access to server info like isc_info_svc_get_env, because 2.5 with its rdb$admin isn't available yet for production.

@firebird-issue-importer firebird-issue-importer commented Aug 4, 2008

Commented by: @AlexPeshkoff

Sorry, it's impossible. The service manager works in server, not database, context, therefore DBO is meaningless for it.

@firebird-issue-importer firebird-issue-importer commented Nov 26, 2008

Modified by: @pcisar

Link: This issue block progress on QA216 [ QA216 ]

@firebird-issue-importer firebird-issue-importer commented Jan 26, 2009

Modified by: @pcisar

Link: This issue is related to QA216 [ QA216 ]

@firebird-issue-importer firebird-issue-importer commented Jan 26, 2009

Modified by: @pcisar

Link: This issue block progress on QA216 [ QA216 ] =>

@firebird-issue-importer firebird-issue-importer commented Apr 25, 2013

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-issue-importer firebird-issue-importer commented Apr 25, 2013

Commented by: @pcisar

Test added.

@firebird-issue-importer firebird-issue-importer commented Jan 19, 2016

Modified by: @pavel-zotov

QA Status: No test

@firebird-issue-importer firebird-issue-importer commented Jan 19, 2016

Modified by: @pavel-zotov

QA Status: No test => Done successfully
