Unprivileged user can delete from RDB$DATABASE, RDB$COLLATIONS, RDB$CHARACTER_SETS [CORE3735] #4080
Comments
Modified by: @AlexPeshkoffassignee: Alexander Peshkov [ alexpeshkoff ] |
|
Commented by: @dyemanov It should be prohibited for collations in v3. Perhaps for charsets too, I don't remember (it would be trivial to fix otherwise). As for RDB$DATABASE, I suppose a special solution (not ACL related) should be applied. The easiest thing would be to just unconditionally prohibit deletions from this table for everyone. |
Modified by: @pavel-zotovdescription: [firebird@firebirdG empbuild]$ isql => ISQL Version: LI-V2.5.2.26390 Firebird 2.5 [firebird@firebirdG empbuild]$ isql |
Modified by: @dyemanovassignee: Alexander Peshkov [ alexpeshkoff ] => Dmitry Yemanov [ dimitr ] |
Modified by: @dyemanovVersion: 2.5.1 [ 10333 ] Version: 2.1.4 [ 10361 ] Version: 2.5.0 [ 10221 ] Version: 2.0.6 [ 10303 ] Version: 3.0 Initial [ 10301 ] Version: 2.1.3 [ 10302 ] Version: 2.1.2 [ 10270 ] Version: 2.0.5 [ 10222 ] Version: 2.1.1 [ 10223 ] Version: 2.1.0 [ 10041 ] Component: Engine [ 10000 ] |
Modified by: @dyemanovstatus: Open [ 1 ] => In Progress [ 3 ] |
|
Commented by: Claudio Valderrama C. (robocop) Prohibit deletions, insertions and modifications. AFAIK, writing there is not the user business. |
|
Commented by: @pavel-zotov > writing there is not the user business. nobody knows which knowledges and skills are in heads of our users... |
|
Commented by: @dyemanov Deletions can be prohibited unconditionally, hence my suggestion. Insertions and modifications require special checks because these operations can be performed by the engine itself. |
Modified by: @dyemanovsummary: user without any rights can delete from RDB$DATABASE, RDB$COLLATIONS, RDB$CHARACTER_SETS => Unprivileged user can delete from RDB$DATABASE, RDB$COLLATIONS, RDB$CHARACTER_SETS |
Modified by: @dyemanovstatus: In Progress [ 3 ] => Open [ 1 ] |
Modified by: @dyemanovstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 3.0 Alpha 1 [ 10331 ] |
|
Commented by: @pavel-zotov sorry, I forgot about this ticket and have added some comments to another one (CORE3797). Suddenly encountered that non-priviledged user can also delete the following objects that were created by SYSDBA: |
|
Commented by: @dyemanov This was known and fixed as well. |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Resolved [ 5 ] QA Status: Done successfully => Done with caveats Test Details: 17.12.2016: it seems that we have to reduce value of min_profit_for_fetches from 2.5 to 2.35: Sent letter to dimitr, hvlad 17.12.2016 10:33, waiting for reply. |
Submitted by: @pavel-zotov
Is related to QA570
Relate to CORE4731
ISQL Version: LI-V2.5.2.26390 Firebird 2.5
Server version:
LI-V2.5.2.26390 Firebird 2.5
[firebird@firebirdG empbuild]$ isql
Use CONNECT or CREATE DATABASE to specify a database
SQL> create database 'aaa.fdb'; commit;
SQL> connect aaa.fdb user usrxxx password 123;
Database: aaa.fdb, User: usrxxx
SQL> delete from rdb$collations;
SQL> commit;
Segmentation fault (core dumped)
Commits: f011229
====== Test Details ======
17.12.2016: it seems that we have to reduce value of min_profit_for_fetches from 2.5 to 2.35:
detected several times violation of this threshold, starting from 4.0.0.459 (date: ~ 25-Nov-2016).
Examples:
http://web.firebirdsql.org/download/prerelease/results/archive/4.0.0.459/
http://web.firebirdsql.org/download/prerelease/results/archive/4.0.0.463/
http://web.firebirdsql.org/download/prerelease/results/archive/4.0.0.466/
Sent letter to dimitr, hvlad 17.12.2016 10:33, waiting for reply.
The text was updated successfully, but these errors were encountered: