New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No error if the GRANT target object does not exist [CORE5755] #6018
Comments
Modified by: @dyemanovsummary: Existing a subject of privileges => No error if the GRANT target object does not exist |
Modified by: @romansimakovstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 4.0 Beta 1 [ 10750 ] Fix Version: 3.0.4 [ 10863 ] assignee: Roman Simakov [ roman-simakov ] |
Commented by: @pavel-zotov set bail on; set term ^; create or alter package pkg_test as recreate package body pkg_test as recreate sequence g_test; set bail off; grant create table to function wrong_test; grant select on table_test to function wrong_func; grant execute on procedure sp_test to wrong_func; grant execute on function fn_test to wrong_func; grant execute on package pkg_test to wrong_func; grant usage on sequence g_test to wrong_func; grant usage on exception x_test to wrong_func; 1) No error on last 5 statements. Is it OK ? PS. Checked on: ISQL Version: WI-T4.0.0.998 Firebird 4.0 Alpha 1 |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Resolved [ 5 ] QA Status: No test => Done with caveats Test Details: grant execute on proc|func|package and grant usage on sequence|exception -- still does NOT produce error/warning. |
Commented by: @romansimakov > grant usage on exception x_test to wrong_func; Yes. In this case wrong_func is not func :) it's non existing user to which it's possible to grant privileges. It was always so and I leave it so. |
Commented by: @romansimakov > 2) IMO, specifying non-existing target object should produce WARNING rather than ERROR. At least in 3.x which was released more than 2 years ago. I tend to consider it as security bug and prefer to have an error. |
Submitted by: @romansimakov
We have no check of existance a subjects of privileges. I.e.
roman:bin$ ./isql
Use CONNECT or CREATE DATABASE to specify a database
SQL> create database 'a';
SQL> create table t(i integer);
SQL> grant select on t to function wrong_func;
SQL> show function wrong_func;
There is no user-defined function WRONG_FUNC in this database
We cannot check of existance user in such case but when we grant privilege to the database object we need to do it.
Commits: 2bad53c 09c1ccc
====== Test Details ======
grant execute on proc|func|package and grant usage on sequence|exception -- still does NOT produce error/warning.
The text was updated successfully, but these errors were encountered: