SQL SECURITY DEFINER context is not properly evaluated for monitoring tables [CORE5892] #6150
Assignees
Comments
Modified by: @AlexPeshkoffassignee: Roman Simakov [ roman-simakov ] |
|
Commented by: michalk1 (michalk1) Any plans to fix or circumvent this in FB 4 ? There seems to be no change in this regard in Beta 1. |
Modified by: michalk1 (michalk1)Version: 4.0 Beta 1 [ 10750 ] |
|
Commented by: @romansimakov Yes. It should be fixed definitely |
Modified by: @romansimakovstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 4.0 Beta 2 [ 10888 ] |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Resolved [ 5 ] QA Status: No test => Done successfully |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Closed [ 6 ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Submitted by: michalk1 (michalk1)
The new FB4 SQL SECURITY feature doesn't seem to work properly when used together with monitoring tables (copied from CORE2557 comments):
The following procedure created by SYSDBA returns all connections when run by SYSDBA. But when run by an ordinary user, it sees only that user's connections.
CREATE PROCEDURE TEST
RETURNS (CONCNT INTEGER)
SQL SECURITY DEFINER
AS
BEGIN
select count (*) from mon$attachments into :CONCNT;
suspend;
END^
GRANT EXECUTE ON PROCEDURE TEST TO PUBLIC^
Commits: bb3c2e9
The text was updated successfully, but these errors were encountered: