db-derby-dev mailing list archives

From "Mike Matrigali (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-2437) SYSCS_EXPORT_TABLE can be used to overwrite derby files
Date Mon, 09 Jul 2007 18:32:04 GMT

     [ https://issues.apache.org/jira/browse/DERBY-2437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike Matrigali updated DERBY-2437:
----------------------------------


I would like to see a discussion of the right way to fix the import and export issue.  The
following is only a stopgap but may be better than nothing, but may be easy and at least
plug some holes.  What about changing export to not do the write if the file already exists?
At least that stops overwriting existing database and property files.  Adding new database
files does not do much as the system has to find them in existing system catalogs.

Does not solve creating a new property file where one did not exist.  
Does not solve creating new  recovery log files with just the right name and crashing the
system to get it to use those files.  

Also may create an upward incompatibility where we used to allow overwrite.  We certainly don't
document that we allow that.  Seems like most would not complain if we gave a reasonable error
message saying export failed because a file with that name already existed, and to delete
the file and retry the export.

> SYSCS_EXPORT_TABLE can be used to overwrite derby files
> -------------------------------------------------------
>
>                 Key: DERBY-2437
>                 URL: https://issues.apache.org/jira/browse/DERBY-2437
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.0.0, 10.3.1.0, 10.3.1.1, 10.4.0.0
>            Reporter: Daniel John Debrunner
>            Priority: Critical
>
> There are no controls over which files SYSCS_EXPORT_TABLE can write, thus allowing any user that has permission to execute the procedure to try and modify information that they have no permissions to do.
> In a similar fashion to the one described in DERBY-2436 I could overwrite derby.properties at least leading to a denial of service attack on the next re-boot.
> With more time it might be possible to write out a valid properties file which would allow changing the authentication, silently adding a new user etc.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
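
Added example (not Derby's code and not part of the original message): one way to implement the "do not write if the file already exists" stopgap proposed above, using Java NIO's `CREATE_NEW` open option so the existence check and the create happen as one atomic step. The class name, method name and sample rows are hypothetical; the run also shows the gap the message itself points out, that a file created where none existed is still written.

```java
import java.io.IOException;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.util.List;

public class ExportNoOverwrite {

    // Hypothetical helper standing in for the export's file writer.
    // CREATE_NEW fails if anything already exists at the path, so there is
    // no window between an "exists?" check and the open for writing.
    static void exportRows(Path target, List<String> rows) throws IOException {
        try (Writer out = Files.newBufferedWriter(target, StandardCharsets.UTF_8,
                StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE)) {
            for (String row : rows) {
                out.write(row);
                out.write(System.lineSeparator());
            }
        } catch (FileAlreadyExistsException e) {
            // Error text follows the wording suggested in the message above.
            throw new IOException("Export failed: file " + target
                    + " already exists; delete the file and retry the export.", e);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temp directory holding a properties file.
        Path dir = Files.createTempDirectory("derby-export-demo");
        Path props = dir.resolve("derby.properties");
        Files.write(props, List.of("derby.connection.requireAuthentication=true"));

        // Existing file: the export is refused and the content is untouched.
        try {
            exportRows(props, List.of("1,constructed-row"));
        } catch (IOException e) {
            System.out.println(e.getMessage());
        }
        System.out.println(Files.readAllLines(props));

        // No file at that name yet: the write succeeds. This is the case
        // the stopgap does not cover (a new file where none existed).
        Path fresh = dir.resolve("new.properties");
        exportRows(fresh, List.of("1,constructed-row"));
        System.out.println(Files.exists(fresh));
    }
}
```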

