db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2437) SYSCS_EXPORT_TABLE can be used to overwrite derby files
Date Mon, 09 Jul 2007 19:19:04 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12511227
] 

Daniel John Debrunner commented on DERBY-2437:
----------------------------------------------

Reading the password of a user in a secure system will most likely be impossible, e.g. an
LDAP scheme, so that attack by the DBA might be harder, though it probably would be possible
for the DBA to change the authentication to suite their attack.

It's not the DBA that is the concern though, it's whoever the DBA has already granted import/export
capability to. They might have granted those permissions (to execute those procedures) assuming
they would not grant complete access to every database, thus bypassing grant/revoke and authentication.

> SYSCS_EXPORT_TABLE can be used to overwrite derby files
> -------------------------------------------------------
>
>                 Key: DERBY-2437
>                 URL: https://issues.apache.org/jira/browse/DERBY-2437
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0,
10.3.0.0, 10.3.1.0, 10.3.1.1, 10.4.0.0
>            Reporter: Daniel John Debrunner
>            Priority: Critical
>
> here are no controls over which files SYSCS_EXPORT_TABLE can write, thus allowing any
user that has permission to execute the procedure to try and modufy information that they
have no permissions to do.
> In a similar fashion to the one described in DERBY-2436 I could overwrite derby.properties
at least leaqding to a dnial of service attack on the next re-boot.
> With more time it might be possible to write out a valid properties file which would
allow chaning the authentication, silentaly adding a new user etc.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message