Unprivileged user can delete from RDB$DATABASE, RDB$COLLATIONS, RDB$CHARACTER_SETS [CORE3735] #4080
Comments
Modified by: @AlexPeshkoff assignee: Alexander Peshkov [ alexpeshkoff ]
Commented by: @dyemanov It should be prohibited for collations in v3. Perhaps for charsets too, I don't remember (it would be trivial to fix otherwise). As for RDB$DATABASE, I suppose a special solution (not ACL related) should be applied. The easiest thing would be to just unconditionally prohibit deletions from this table for everyone.
Modified by: @pavel-zotov description: [firebird@firebirdG empbuild]$ isql => ISQL Version: LI-V2.5.2.26390 Firebird 2.5 [firebird@firebirdG empbuild]$ isql
Modified by: @dyemanov assignee: Alexander Peshkov [ alexpeshkoff ] => Dmitry Yemanov [ dimitr ]
Modified by: @dyemanov Version: 2.5.1 [ 10333 ] Version: 2.1.4 [ 10361 ] Version: 2.5.0 [ 10221 ] Version: 2.0.6 [ 10303 ] Version: 3.0 Initial [ 10301 ] Version: 2.1.3 [ 10302 ] Version: 2.1.2 [ 10270 ] Version: 2.0.5 [ 10222 ] Version: 2.1.1 [ 10223 ] Version: 2.1.0 [ 10041 ] Component: Engine [ 10000 ]
Modified by: @dyemanov status: Open [ 1 ] => In Progress [ 3 ]
Commented by: Claudio Valderrama C. (robocop) Prohibit deletions, insertions and modifications. AFAIK, writing there is not the user's business.
Commented by: @pavel-zotov > writing there is not the user's business. Nobody knows what knowledge and skills are in the heads of our users...
Commented by: @dyemanov Deletions can be prohibited unconditionally, hence my suggestion. Insertions and modifications require special checks because these operations can be performed by the engine itself.
Modified by: @dyemanov summary: user without any rights can delete from RDB$DATABASE, RDB$COLLATIONS, RDB$CHARACTER_SETS => Unprivileged user can delete from RDB$DATABASE, RDB$COLLATIONS, RDB$CHARACTER_SETS
Modified by: @dyemanov status: In Progress [ 3 ] => Open [ 1 ]
Modified by: @dyemanov status: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 3.0 Alpha 1 [ 10331 ]
Commented by: @pavel-zotov Sorry, I forgot about this ticket and have added some comments to another one (CORE3797). Suddenly encountered that a non-privileged user can also delete the following objects that were created by SYSDBA:
Commented by: @dyemanov This was known and fixed as well.
Modified by: @pavel-zotov status: Resolved [ 5 ] => Resolved [ 5 ] QA Status: Done successfully => Done with caveats Test Details: 17.12.2016: it seems that we have to reduce value of min_profit_for_fetches from 2.5 to 2.35: Sent letter to dimitr, hvlad 17.12.2016 10:33, waiting for reply.
Submitted by: @pavel-zotov
Is related to QA570
Relate to CORE4731
ISQL Version: LI-V2.5.2.26390 Firebird 2.5
Server version:
LI-V2.5.2.26390 Firebird 2.5
[firebird@firebirdG empbuild]$ isql
Use CONNECT or CREATE DATABASE to specify a database
SQL> create database 'aaa.fdb'; commit;
SQL> connect aaa.fdb user usrxxx password 123;
Database: aaa.fdb, User: usrxxx
SQL> delete from rdb$collations;
SQL> commit;
Segmentation fault (core dumped)
Commits: f011229
====== Test Details ======
17.12.2016: it seems that we have to reduce value of min_profit_for_fetches from 2.5 to 2.35:
detected several times violation of this threshold, starting from 4.0.0.459 (date: ~ 25-Nov-2016).
Examples:
http://web.firebirdsql.org/download/prerelease/results/archive/4.0.0.459/
http://web.firebirdsql.org/download/prerelease/results/archive/4.0.0.463/
http://web.firebirdsql.org/download/prerelease/results/archive/4.0.0.466/
Sent letter to dimitr, hvlad 17.12.2016 10:33, waiting for reply.