Re: [Firebird-devel] Protocol for database encryption callback

2018-04-12 Thread Jiří Činčura
> How does the protocol for the database encryption callback work? If I look at the implementation in Firebird ADO.net, it just tries and keep sending the same key in a while loop until Firebird responds with something other than op_crypt_key_callback, which seems a bit weird.
It does. Bu

[Firebird-devel] fields packing in structures

2018-04-12 Thread Dev
Hi. And sorry for my English. Can code that uses the Firebird API assume that all public structures on all platforms have a packing value (#pragma pack(x)) of: - 8 for 32-bit libraries - 16 for 64-bit libraries?

Re: [Firebird-devel] Protocol for database encryption callback

2018-04-12 Thread Dimitry Sibiryakov
12.04.2018 17:51, Alex Peshkoff via Firebird-devel wrote: Other question: how does this work with named keys? Is it still a responsibility from the server-side plugin to communicate this in a implementation specific way? Yes. A little problem here: when key holder plugin can call callback i

Re: [Firebird-devel] Protocol for database encryption callback

2018-04-12 Thread Alex Peshkoff via Firebird-devel
On 04/12/18 18:20, Mark Rotteveel wrote: On 12-4-2018 16:51, Alex Peshkoff via Firebird-devel wrote: On 04/12/18 16:51, Mark Rotteveel wrote: On 12-4-2018 15:31, Alex Peshkoff via Firebird-devel wrote: On 04/12/18 15:18, Mark Rotteveel wrote: How does the protocol for the database encryption c

Re: [Firebird-devel] Protocol for database encryption callback

2018-04-12 Thread Mark Rotteveel
On 12-4-2018 16:51, Alex Peshkoff via Firebird-devel wrote: On 04/12/18 16:51, Mark Rotteveel wrote: On 12-4-2018 15:31, Alex Peshkoff via Firebird-devel wrote: On 04/12/18 15:18, Mark Rotteveel wrote: How does the protocol for the database encryption callback work? If I look at the implementa

Re: [Firebird-devel] Protocol for database encryption callback

2018-04-12 Thread Dimitry Sibiryakov
12.04.2018 16:51, Alex Peshkoff via Firebird-devel wrote: For example - KeyHolder has a private key of RSA pair, client software - a public one. Before sending something over the wire it's encrypted with public RSA, to decrypt it private part of pair is needed. Servers that do not have right pri

Re: [Firebird-devel] Protocol for database encryption callback

2018-04-12 Thread Alex Peshkoff via Firebird-devel
On 04/12/18 16:51, Mark Rotteveel wrote: On 12-4-2018 15:31, Alex Peshkoff via Firebird-devel wrote: On 04/12/18 15:18, Mark Rotteveel wrote: How does the protocol for the database encryption callback work? If I look at the implementation in Firebird ADO.net, it just tries and keep sending the

Re: [Firebird-devel] Firebird fbudf Module Authenticated Remote Code Execution

2018-04-12 Thread marius adrian popa
So the only solution is disabling external UDF libraries from being loaded by changing configuration from UdfAccess=Restrict to UdfAccess=None
On Thu, Apr 12, 2018 at 2:34 PM, Alex Peshkoff via Firebird-devel <firebird-devel@lists.sourceforge.net> wrote:
> On 04/12/18 10:37, marius adrian popa w

Re: [Firebird-devel] Protocol for database encryption callback

2018-04-12 Thread Mark Rotteveel
On 12-4-2018 15:31, Alex Peshkoff via Firebird-devel wrote: On 04/12/18 15:18, Mark Rotteveel wrote: How does the protocol for the database encryption callback work? If I look at the implementation in Firebird ADO.net, it just tries and keep sending the same key in a while loop until Firebird r

Re: [Firebird-devel] Protocol for database encryption callback

2018-04-12 Thread Dimitry Sibiryakov
12.04.2018 15:31, Alex Peshkoff via Firebird-devel wrote: In native API it's provider-specific - after getting an instance of provider one (who needs to use database encryption) should pass callback interface to that provider. Not provider, but dispatcher. You still cannot predict what provid

Re: [Firebird-devel] Protocol for database encryption callback

2018-04-12 Thread Alex Peshkoff via Firebird-devel
On 04/12/18 15:18, Mark Rotteveel wrote: How does the protocol for the database encryption callback work? If I look at the implementation in Firebird ADO.net, it just tries and keep sending the same key in a while loop until Firebird responds with something other than op_crypt_key_callback, whi

[Firebird-devel] Protocol for database encryption callback

2018-04-12 Thread Mark Rotteveel
How does the protocol for the database encryption callback work? If I look at the implementation in Firebird ADO.net, it just tries and keep sending the same key in a while loop until Firebird responds with something other than op_crypt_key_callback, which seems a bit weird. So what is in the

Re: [Firebird-devel] Firebird fbudf Module Authenticated Remote Code Execution

2018-04-12 Thread Alex Peshkoff via Firebird-devel
On 04/12/18 10:37, marius adrian popa wrote: https://www.tenable.com/security/research/tra-2017-36 That's fixed in FB4 - loading UDFs is denied by default configuration, use of them is deprecated, replacement is UDRs which are not affected by mentioned vulnerability. In FB3 one should be sysdb

[Firebird-devel] Firebird fbudf Module Authenticated Remote Code Execution

2018-04-12 Thread marius adrian popa
https://www.tenable.com/security/research/tra-2017-36