From: "Daniel John Debrunner (JIRA)"
To: derby-dev@db.apache.org
Date: Mon, 9 Jul 2007 12:19:04 -0700 (PDT)
Subject: [jira] Commented: (DERBY-2437) SYSCS_EXPORT_TABLE can be used to overwrite derby files

    [ https://issues.apache.org/jira/browse/DERBY-2437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12511227 ]

Daniel John Debrunner commented on DERBY-2437:
----------------------------------------------

Reading the password of a user in a secure
system will most likely be impossible, e.g. an LDAP scheme, so that attack by the DBA might be harder, though it probably would be possible for the DBA to change the authentication to suit their attack. It's not the DBA that is the concern though, it's whoever the DBA has already granted import/export capability to. They might have granted those permissions (to execute those procedures) assuming they would not grant complete access to every database, thus bypassing grant/revoke and authentication.

> SYSCS_EXPORT_TABLE can be used to overwrite derby files
> -------------------------------------------------------
>
>                 Key: DERBY-2437
>                 URL: https://issues.apache.org/jira/browse/DERBY-2437
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.0.0, 10.3.1.0, 10.3.1.1, 10.4.0.0
>            Reporter: Daniel John Debrunner
>            Priority: Critical
>
> There are no controls over which files SYSCS_EXPORT_TABLE can write, thus allowing any user that has permission to execute the procedure to try and modify information that they have no permissions to do.
> In a similar fashion to the one described in DERBY-2436 I could overwrite derby.properties at least leading to a denial of service attack on the next re-boot.
> With more time it might be possible to write out a valid properties file which would allow changing the authentication, silently adding a new user etc.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
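
The missing control described in the issue, sketched as an application-side check on the export file name (an added example, not part of the original message and not Derby's code or its fix). It assumes exports are issued by application code that vets the file name before calling SYSCS_UTIL.SYSCS_EXPORT_TABLE; the class `ExportPathGuard`, the export directory and the sample requests are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;

/** Hypothetical guard run before an export file name reaches SYSCS_EXPORT_TABLE. */
public class ExportPathGuard {
    private final Path exportRoot;

    public ExportPathGuard(Path exportRoot) throws IOException {
        // Resolve symlinks once so every later comparison uses the real directory.
        this.exportRoot = exportRoot.toRealPath();
    }

    /** Returns the vetted absolute path, or throws SecurityException if refused. */
    public Path vet(String requested) throws IOException {
        // An absolute request replaces the root in resolve(), so it fails the check below.
        Path candidate = exportRoot.resolve(requested).normalize();
        if (!candidate.startsWith(exportRoot)) {
            throw new SecurityException("outside export directory: " + requested);
        }
        // The parent must exist and, with symlinks resolved, still lie inside the root.
        Path parent = candidate.getParent();
        if (parent == null || !parent.toRealPath().startsWith(exportRoot)) {
            throw new SecurityException("parent escapes export directory: " + requested);
        }
        // Never replace an existing file (the derby.properties overwrite in the issue).
        if (Files.exists(candidate, LinkOption.NOFOLLOW_LINKS)) {
            throw new SecurityException("refusing to overwrite: " + candidate);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("exports");   // constructed sample directory
        ExportPathGuard guard = new ExportPathGuard(root);
        // Constructed sample requests: two in-directory names, two that leave it.
        String[] requests = {
            "orders.del", "sub/../orders.del", "../derby.properties", "/tmp/derby.properties"
        };
        for (String r : requests) {
            try {
                System.out.println("ALLOW " + guard.vet(r));
            } catch (SecurityException e) {
                System.out.println("DENY  " + e.getMessage());
            }
        }
    }
}
```

A check like this only helps when the application mediates every export; a user holding EXECUTE permission on the procedure itself bypasses it, which is the exposure the comment above is concerned with.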