Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DDL permission do not protect against removal BLOB filters [CORE4522] #4840

Closed
firebird-automations opened this issue Aug 17, 2014 · 4 comments
Closed

DDL permission do not protect against removal BLOB filters [CORE4522] #4840

firebird-automations opened this issue Aug 17, 2014 · 4 comments
Assignees
@romansimakov
Labels
affect-version: 3.0 Alpha 2 component: engine fix-version: 3.0 Beta 1 priority: major type: bug

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @sim1984

It seems that the DLL permissions protects not all objects. In particular, I conducted an experiment on BLOB filters. Creating a new filter is effectively prohibited for any user. But the removal could be unpriveleged user. Probable cause, it seems to me, in a lack of ownership for the filters.

Unlike other objects in the system table RDB$FILTERS I did not see the field RDB$OWNER_NAME.

Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:test' user 'sysdba' password 'masterkey';
Database: 'localhost:test', User: sysdba
SQL> show version;
ISQL Version: WI-T3.0.0.31288 Firebird 3.0 Alpha 2
Server version:
Firebird/Windows/AMD/Intel/x64 (access method), version "WI-T3.0.0.31288
Firebird 3.0 Alpha 2"
Firebird/Windows/AMD/Intel/x64 (remote server), version "WI-T3.0.0.31288
Firebird 3.0 Alpha 2/tcp (Den-PC)/P13:C"
Firebird/Windows/AMD/Intel/x64 (remote interface), version
"WI-T3.0.0.31288 Firebird 3.0 Alpha 2/tcp (Den-PC)/P13:C"
on disk structure version 12.0
SQL> DECLARE FILTER DESC_FILTER
CON> INPUT_TYPE 1
CON> OUTPUT_TYPE -4
CON> ENTRY_POINT 'desc_filter'
CON> MODULE_NAME 'FILTERLIB';
SQL> show filters;
DESC_FILTER

Quit from ISQL. Reconnect in the isql window leads to the crash server (see CORE4506).

Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:test' user 'test' password 'test';
Database: 'localhost:test', User: test
SQL> show filters;
DESC_FILTER
SQL> drop filter DESC_FILTER;
SQL> show filters;
There are no filters in this database
SQL> show version;
ISQL Version: WI-T3.0.0.31288 Firebird 3.0 Alpha 2
Server version:
Firebird/Windows/AMD/Intel/x64 (access method), version "WI-T3.0.0.31288
Firebird 3.0 Alpha 2"
Firebird/Windows/AMD/Intel/x64 (remote server), version "WI-T3.0.0.31288
Firebird 3.0 Alpha 2/tcp (Den-PC)/P13:C"
Firebird/Windows/AMD/Intel/x64 (remote interface), version
"WI-T3.0.0.31288 Firebird 3.0 Alpha 2/tcp (Den-PC)/P13:C"
on disk structure version 12.0
SQL> DECLARE FILTER DESC_FILTER
CON> INPUT_TYPE 1
CON> OUTPUT_TYPE -4
CON> ENTRY_POINT 'desc_filter'
CON> MODULE_NAME 'FILTERLIB';
Statement failed, SQLSTATE = 42000
unsuccessful metadata update
-DECLARE FILTER DESC_FILTER failed
-There is no privilege for this operation
SQL>

Commits: 6703f3a FirebirdSQL/fbt-repository@fcc4d22
@firebird-automations
Copy link
Collaborator Author

Modified by: @romansimakov

assignee: Roman Simakov [ roman-simakov ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @romansimakov

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0 Beta 1 [ 10332 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@romansimakov romansimakov

Labels
affect-version: 3.0 Alpha 2 component: engine fix-version: 3.0 Beta 1 priority: major type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@romansimakov @firebird-automations