[Firebird-devel] [FB-Tracker] Created: (CORE-4342) non-privileged user can delete records from RDB$SECURITY_CLASSES table

Pavel Zotov (JIRA) Sat, 15 Feb 2014 02:55:01 -0800

non-privileged user can delete records from RDB$SECURITY_CLASSES table
----------------------------------------------------------------------


                 Key: CORE-4342
                 URL: http://tracker.firebirdsql.org/browse/CORE-4342
             Project: Firebird Core
          Issue Type: Bug
          Components: Security
    Affects Versions: 3.0 Alpha 2
            Reporter: Pavel Zotov


Starting script for creating users BOSS & ZERO and roles RBOSS & RZERO  see in 
http://tracker.firebirdsql.org/browse/CORE-4341 (I'm not sure is this related 
to that ticket or no).

$ /opt/fb30trnk/bin/isql localhost/3333:sec -user zero -pas zero -role RZERO
Database:  localhost/3333:sec, User: zero, Role: RZERO
SQL> set list on;
SQL> select current_role, current_user from rdb$database;

ROLE                            RZERO
USER                            ZERO

SQL> select count(*) from rdb$security_classes  rc where rc.rdb$ACL containing 
'boss';

COUNT                           2


SQL> set blob all;
SQL> select * from rdb$security_classes  rc where rc.rdb$ACL containing 'boss';

RDB$SECURITY_CLASS              SQL$356                                         
                 
RDB$ACL                         9:a4c
                ACL version 1
                        person: SYSDBA, privileges: (alter, control, drop, 
insert, update, delete, select, references)
                        role: RBOSS, privileges: (insert, update, delete, 
select, references)

RDB$DESCRIPTION                 <null>

RDB$SECURITY_CLASS              SQL$DEFAULT4                                    
                 
RDB$ACL                         9:a4d
                ACL version 1
                        person: SYSDBA, privileges: (alter, control, drop, 
insert, update, delete, select, references)
                        role: RBOSS, privileges: (insert, update, delete, 
select, references)

RDB$DESCRIPTION                 <null>


SQL> delete from rdb$security_classes  rc where rc.rdb$ACL containing 'boss';
SQL> commit;

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
Android apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience.  Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

[Firebird-devel] [FB-Tracker] Created: (CORE-4342) non-privileged user can delete records from RDB$SECURITY_CLASSES table

Reply via email to