You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
RDB$TRIGGER9 checks that object exists. After adding USAGE privilege on generator and exception related checks were not added to RDB$TRIGGER9. As result we can grant privilege to non existing object. In the same time it's reaaly hard to maintain system triggers in clean BLR code and after protecting system tables from modifications we may move such checks to engine.
create table t(i integer);
grant update(c) on table t to user u;
grant select on v to user u;
grant execute on procedure p to user u;
grant execute on function f to user u;
grant execute on package p to user u;
grant usage on exception e to user u;
grant usage on generator g to user u;
grant usage on sequence s to user u;
create view v(i) as select i from t;
grant select on table v to user u;
Submitted by: @romansimakov
RDB$TRIGGER9 checks that object exists. After adding USAGE privilege on generator and exception related checks were not added to RDB$TRIGGER9. As result we can grant privilege to non existing object. In the same time it's reaaly hard to maintain system triggers in clean BLR code and after protecting system tables from modifications we may move such checks to engine.
Commits: a01d81d 364e29a
The text was updated successfully, but these errors were encountered: