Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Metadata security hole - any user can alter/drop generators and exceptions [CORE304] #637

Closed
firebird-issue-importer opened this issue Jun 12, 2002 · 15 comments

Comments

@firebird-issue-importer

Submitted by: ded (ded)

Is related to CORE735
Is duplicated by CORE3681
Is related to QA500

Votes: 2

SFID: 567931#⁠
Submitted By: ded

ANY user can drop procedures, generators, exceptions.
Tables, indices and triggers are not affected. To
reproduce:

1. Connect as SYSDBA
2. Create Procedure Test As Begin Exit; End
3. Disconnect and connect as any user
4. Drop Procedure Test - successfully.

Interesting is the next: if before step 4 try to

Execute Procedure Test

exception 551 will be raised and after it step 4 will
raise expected exception 607 - unsuccessful metadata
update -ERASE RDB$PROCEDURES failed -no permission for
delete access to PROCEDURE TEST.

Confirmed on builds WI-V1.0.0.794, LI-V6.2.796.

Best regards, Alexander V.Nevsky.

Commits: e956e2e

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jun 14, 2006

Commented by: Alice F. Bird (firebirds)

Date: 2005-05-22 09:56
Sender: dimitr
Logged In: YES
user_id=61270

Generators and exceptions don't have an owner, hence the
issue. But this shouldn't be the case for procedures. Needs
checking.

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jun 18, 2006

Modified by: @dyemanov

Fix Version: 3.0 [ 10048 ]

SF_ID: 567931 =>

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 28, 2008

Modified by: @pcisar

Workflow: jira [ 10328 ] => Firebird [ 14561 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Oct 19, 2009

Modified by: @dyemanov

Fix Version: 3.0 Alpha 1 [ 10331 ]

Fix Version: 3.0.0 [ 10048 ] =>

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jun 20, 2011

Modified by: @dyemanov

Link: This issue is related to CORE735 [ CORE735 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Dec 1, 2011

Modified by: @AlexPeshkoff

Link: This issue is duplicated by CORE3681 [ CORE3681 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Dec 2, 2011

Modified by: @dyemanov

assignee: Alexander Peshkov [ alexpeshkoff ] => Dmitry Yemanov [ dimitr ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Dec 2, 2011

Modified by: @dyemanov

status: Open [ 1 ] => In Progress [ 3 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 8, 2012

Modified by: @dyemanov

summary: Metadata security hole => Metadata security hole - any user can alter/drop generators and exceptions

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 8, 2012

Modified by: @dyemanov

status: In Progress [ 3 ] => Open [ 1 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 8, 2012

Modified by: @dyemanov

Version: 2.5.1 [ 10333 ]

Version: 2.1.4 [ 10361 ]

Version: 2.5.0 [ 10221 ]

Version: 2.0.6 [ 10303 ]

Version: 3.0 Initial [ 10301 ]

Version: 2.1.3 [ 10302 ]

Version: 2.1.2 [ 10270 ]

Version: 2.0.5 [ 10222 ]

Version: 2.1.1 [ 10223 ]

Version: 2.1.0 [ 10041 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 8, 2012

Modified by: @dyemanov

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Mar 27, 2014

Modified by: @pcisar

Link: This issue is related to QA500 [ QA500 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 19, 2016

Modified by: @pavel-zotov

QA Status: No test

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Oct 18, 2016

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: No test => Done successfully

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment