Unprivileged user is allowed to drop any sequences and collations [CORE3681] #1388

Closed
firebird-automations opened this issue Nov 30, 2011 · 7 comments


@firebird-automations
Collaborator

Submitted by: @pavel-zotov

Duplicates CORE304

C:\1INSTALL\FIREBIRD\FB25>isql -n TCHK.FDB -user sysdba -pas masterke
Database: TCHK.FDB, User: sysdba
SQL> create sequence gen_tns; commit;
SQL> create collation ns_coll for utf8 from unicode 'NUMERIC-SORT=1'; commit;
SQL> create user tu0 password 'tu0'; commit;
SQL> connect tchk.fdb user tu0 password tu0;
Database: tchk.fdb, User: tu0 ------------------- since that point we are connected without any rights
SQL> delete from rdb$generators where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> delete from rdb$collations where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> delete from rdb$triggers where rdb$system_flag=0;
SQL> commit; -- passed! why ??

SQL> update rdb$indices set rdb$index_inactive=3 where rdb$system_flag=0;
Statement failed, SQLSTATE = 28000
no permission for control access to TABLE TNS -- only that works Ok

@firebird-automations
Collaborator Author

Commented by: @dyemanov

Well-known for generators and collations (to be fixed in v3), but I cannot confirm that for triggers. Did you really have them in the database?

@firebird-automations
Collaborator Author

Commented by: @pavel-zotov

Sorry, I had no triggers in that database.
Just now I added a trigger and checked again - that's OK:

SQL> delete from rdb$triggers rt where rt.rdb$system_flag=0;
Statement failed, SQLSTATE = 28000
no permission for control access to TABLE TNS

@firebird-automations
Collaborator Author

Modified by: @dyemanov

Version: 2.5.1 [ 10333 ]

Version: 2.1.4 [ 10361 ]

Version: 2.5.0 [ 10221 ]

Version: 2.0.6 [ 10303 ]

Version: 3.0 Initial [ 10301 ]

Version: 2.1.3 [ 10302 ]

Version: 2.1.2 [ 10270 ]

Version: 2.0.5 [ 10222 ]

Version: 2.1.1 [ 10223 ]

Version: 2.1.0 [ 10041 ]

Component: Engine [ 10000 ]

summary: user without any rights can delete sequences, collations and even triggers with rdb$system_flag=0 => Unprivileged user is allowed to drop any sequences and collations

@firebird-automations
Collaborator Author

Modified by: @AlexPeshkoff

Link: This issue duplicates CORE304 [ CORE304 ]

@firebird-automations
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Duplicate [ 3 ]

@firebird-automations
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Collaborator Author

Modified by: @pavel-zotov

QA Status: No test
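
As an added example (not part of the original report and not the Firebird project's code), a small detector for the pattern shown in this issue: row-modifying DML aimed directly at RDB$ system tables by a non-administrative user. The (user, SQL) record format, the function names and the trusted-user set are assumptions; the sample records are constructed from the statements in the report.

```python
import re

# Row-modifying statements Firebird accepts. "update or insert" must be tried
# before plain "update", otherwise "or" would be captured as the table name.
_DML = re.compile(
    r'^\s*(?P<verb>delete\s+from|update\s+or\s+insert\s+into|insert\s+into'
    r'|merge\s+into|update)\s+"?(?P<table>[A-Za-z_$][\w$]*)',
    re.IGNORECASE,
)

def _strip_comments(sql):
    # Removes /* ... */ and -- comments. It does not parse string literals,
    # so a literal containing "--" is truncated (acceptable for triage).
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)
    return re.sub(r"--[^\n]*", " ", sql)

def system_table_dml(sql):
    """Return (verb, table) if sql is DML whose target is an RDB$ table, else None."""
    m = _DML.match(_strip_comments(sql))
    if not m:
        return None
    # Upper-casing a quoted identifier over-approximates; fine for flagging.
    table = m.group("table").upper()
    if not table.startswith("RDB$"):
        return None
    return " ".join(m.group("verb").upper().split()), table

def flag_statements(records, trusted=frozenset({"SYSDBA"})):
    """records: iterable of (user, sql). Flags attempts, whether or not they succeeded."""
    findings = []
    for user, sql in records:
        hit = system_table_dml(sql)
        if hit and user.upper() not in trusted:
            findings.append((user, *hit))
    return findings

# Constructed sample: statements from the report plus two constructed controls.
SAMPLE = [
    ("sysdba", "create sequence gen_tns"),
    ("tu0", "delete from rdb$generators where rdb$system_flag=0"),
    ("tu0", "delete from rdb$collations where rdb$system_flag=0"),
    ("tu0", "update rdb$indices set rdb$index_inactive=3 where rdb$system_flag=0"),
    ("tu0", "select rdb$generator_name from rdb$generators"),        # read only
    ("sysdba", "delete from rdb$generators where rdb$system_flag=0"),  # trusted
]

if __name__ == "__main__":
    for finding in flag_statements(SAMPLE):
        print(finding)
```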
