SQL SECURITY DEFINER context is not properly evaluated for monitoring tables 
-----------------------------------------------------------------------------

                 Key: CORE-5892
                 URL: http://tracker.firebirdsql.org/browse/CORE-5892
             Project: Firebird Core
          Issue Type: Bug
          Components: Engine
    Affects Versions: 4.0 Alpha 1
         Environment: FB 4.0.0.1163 Win32 snapshot build, Windows 10
            Reporter: michalk1


The new FB4 SQL SECURITY feature doesn't seem to work properly when used 
together with monitoring tables (copied from CORE-2557 comments):

The following procedure created by SYSDBA returns all connections when run by 
SYSDBA. But when run by an ordinary user, it sees only that user's connections. 

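SET TERM ^ ;

-- Created by SYSDBA; SQL SECURITY DEFINER means the body should run
-- with the definer's (SYSDBA's) privileges, whoever calls it.
CREATE PROCEDURE TEST
RETURNS (CONCNT INTEGER)
SQL SECURITY DEFINER
AS
BEGIN
  -- Count the attachments visible in the monitoring table
  select count(*) from mon$attachments into :CONCNT;
  suspend;
END^

-- Let any user call the procedure
GRANT EXECUTE ON PROCEDURE TEST TO PUBLIC^

SET TERM ; ^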

Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
