user without any rights can delete sequences, collations and even triggers with
rdb$system_flag=0
-------------------------------------------------------------------------------------------------
Key: CORE-3681
URL: http://tracker.firebirdsql.org/browse/CORE-3681
Project: Firebird Core
Issue Type: Bug
Reporter: Pavel Zotov
C:\1INSTALL\FIREBIRD\FB25>isql -n TCHK.FDB -user sysdba -pas masterke
Database: TCHK.FDB, User: sysdba
SQL> create sequence gen_tns; commit;
SQL> create collation ns_coll for utf8 from unicode 'NUMERIC-SORT=1'; commit;
SQL> create user tu0 password 'tu0'; commit;
SQL> connect tchk.fdb user tu0 password tu0;
Database: tchk.fdb, User: tu0 ------------------- since that point we are
connected without any rights
SQL> delete from rdb$generators where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> delete from rdb$collations where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> delete from rdb$triggers where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> update rdb$indices set rdb$index_inactive=3 where rdb$system_flag=0;
Statement failed, SQLSTATE = 28000
no permission for control access to TABLE TNS -- only that works Ok
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
