DDL permission do not protect against removal BLOB filters
----------------------------------------------------------
Key: CORE-4522
URL: http://tracker.firebirdsql.org/browse/CORE-4522
Project: Firebird Core
Issue Type: Bug
Components: Engine
Affects Versions: 3.0 Alpha 2
Reporter: Simonov Denis
It seems that the DLL permissions protects not all objects. In particular, I
conducted an experiment on BLOB filters. Creating a new filter is effectively
prohibited for any user. But the removal could be unpriveleged user. Probable
cause, it seems to me, in a lack of ownership for the filters.
Unlike other objects in the system table RDB$FILTERS I did not see the field
RDB$OWNER_NAME.
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:test' user 'sysdba' password 'masterkey';
Database: 'localhost:test', User: sysdba
SQL> show version;
ISQL Version: WI-T3.0.0.31288 Firebird 3.0 Alpha 2
Server version:
Firebird/Windows/AMD/Intel/x64 (access method), version "WI-T3.0.0.31288
Firebird 3.0 Alpha 2"
Firebird/Windows/AMD/Intel/x64 (remote server), version "WI-T3.0.0.31288
Firebird 3.0 Alpha 2/tcp (Den-PC)/P13:C"
Firebird/Windows/AMD/Intel/x64 (remote interface), version
"WI-T3.0.0.31288 Firebird 3.0 Alpha 2/tcp (Den-PC)/P13:C"
on disk structure version 12.0
SQL> DECLARE FILTER DESC_FILTER
CON> INPUT_TYPE 1
CON> OUTPUT_TYPE -4
CON> ENTRY_POINT 'desc_filter'
CON> MODULE_NAME 'FILTERLIB';
SQL> show filters;
DESC_FILTER
Quit from ISQL. Reconnect in the isql window leads to the crash server (see
http://tracker.firebirdsql.org/browse/CORE-4506).
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:test' user 'test' password 'test';
Database: 'localhost:test', User: test
SQL> show filters;
DESC_FILTER
SQL> drop filter DESC_FILTER;
SQL> show filters;
There are no filters in this database
SQL> show version;
ISQL Version: WI-T3.0.0.31288 Firebird 3.0 Alpha 2
Server version:
Firebird/Windows/AMD/Intel/x64 (access method), version "WI-T3.0.0.31288
Firebird 3.0 Alpha 2"
Firebird/Windows/AMD/Intel/x64 (remote server), version "WI-T3.0.0.31288
Firebird 3.0 Alpha 2/tcp (Den-PC)/P13:C"
Firebird/Windows/AMD/Intel/x64 (remote interface), version
"WI-T3.0.0.31288 Firebird 3.0 Alpha 2/tcp (Den-PC)/P13:C"
on disk structure version 12.0
SQL> DECLARE FILTER DESC_FILTER
CON> INPUT_TYPE 1
CON> OUTPUT_TYPE -4
CON> ENTRY_POINT 'desc_filter'
CON> MODULE_NAME 'FILTERLIB';
Statement failed, SQLSTATE = 42000
unsuccessful metadata update
-DECLARE FILTER DESC_FILTER failed
-There is no privilege for this operation
SQL>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
