Windows administrator gets RDB$ADMIN role when this is not expected [CORE3329] #3695

Closed
firebird-automations opened this issue Feb 2, 2011 · 5 comments

Comments

@firebird-automations
Collaborator

Submitted by: @AlexPeshkoff

This was reported to me privately by Paul Vinkenoog.

If someone has been granted the RDB$ADMIN role in a user database, he must specify it when connecting in order to exercise the privileges that come with it.
However, I have observed the following:
Grantee is a Windows administrator.
If he logs in with an empty role, CURRENT_ROLE is RDB$ADMIN.
Please notice that AUTO ADMIN MAPPING is off in the database, so that's not the explanation.

Commits: 1633598 491ce86

@firebird-automations
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Collaborator Author

Commented by: @AlexPeshkoff

This issue is not critical for security - the user gets a role which he is granted, just not requested this time. Though certainly it was worth fixing.

@firebird-automations
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.5.1 [ 10333 ]

Fix Version: 3.0 Alpha 1 [ 10331 ]

@firebird-automations
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Collaborator Author

Modified by: @pavel-zotov

QA Status: No test
