You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
C:\1INSTALL\FIREBIRD\FB25>isql -n TCHK.FDB -user sysdba -pas masterke
Database: TCHK.FDB, User: sysdba
SQL> create sequence gen_tns; commit;
SQL> create collation ns_coll for utf8 from unicode 'NUMERIC-SORT=1'; commit;
SQL> create user tu0 password 'tu0'; commit;
SQL> connect tchk.fdb user tu0 password tu0;
Database: tchk.fdb, User: tu0 ------------------- since that point we are connected without any rights
SQL> delete from rdb$generators where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> delete from rdb$collations where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> delete from rdb$triggers where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> update rdb$indices set rdb$index_inactive=3 where rdb$system_flag=0;
Statement failed, SQLSTATE = 28000
no permission for control access to TABLE TNS -- only that works Ok
The text was updated successfully, but these errors were encountered:
summary: user without any rights can delete sequences, collations and even triggers with rdb$system_flag=0 => Unprivileged user is allowed to drop any sequences and collations
Submitted by: @pavel-zotov
Duplicates CORE304
C:\1INSTALL\FIREBIRD\FB25>isql -n TCHK.FDB -user sysdba -pas masterke
Database: TCHK.FDB, User: sysdba
SQL> create sequence gen_tns; commit;
SQL> create collation ns_coll for utf8 from unicode 'NUMERIC-SORT=1'; commit;
SQL> create user tu0 password 'tu0'; commit;
SQL> connect tchk.fdb user tu0 password tu0;
Database: tchk.fdb, User: tu0 ------------------- since that point we are connected without any rights
SQL> delete from rdb$generators where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> delete from rdb$collations where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> delete from rdb$triggers where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> update rdb$indices set rdb$index_inactive=3 where rdb$system_flag=0;
Statement failed, SQLSTATE = 28000
no permission for control access to TABLE TNS -- only that works Ok
The text was updated successfully, but these errors were encountered: