Subject | Security question (was: CVS: firebird2/src/jrd jrd.cpp,1.206,1.207) |
---|---|
Author | Adriano dos Santos Fernandes |
Post date | 2005-04-29T11:45:12Z |
Talking about SF #1155520.
I missed in the bug report that non-database files can be overwritten too.
>>Vlad Horsun wrote:
>>
>>> Hi Adriano
>>>
>>> Unfortunately, your patch broke ability to overwrite
>>>not-a-valid-database files.
>>>
>>And yours allows any user to replace not-a-valid-database files. ;-)
>>
>
> AFAIK this is how engine did all the time ;)
>
AFAIK this has been exposed to the user only with isc_create_database, that
according to the IB6 documentation is considered internal function.
After your changes the problem was exposed to gbak.
>It was not user-visible "feature" AFAIK.
>
>
>>What do you think about changing this
>>
>>+ else
>>+ {
>>+ // clear status after failed attach
>>+ user_status[0] = 0;
>>+ allow_overwrite = true;
>>+ }
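Review bot: in the else branch, allow_overwrite = true is set for every failed attach, with no check of who is calling or of why the attach failed, so a file that merely fails to attach as a database becomes replaceable by any caller that reaches this path. Gate the assignment on a privilege test for the current attachment's user, or on the specific status that means "not a valid database", and do that before the user_status[0] = 0 line discards the status. Whatever rule is chosen, state it in the comment on this branch, since "clear status after failed attach" says nothing about the overwrite it enables.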
>>
>>
>>to
>>
>> else if (tdbb->tdbb_attachment->att_user->usr_flags &
>>USR_locksmith)
>> {
>> // clear status after failed attach
>> user_status[0] = 0;
>> allow_overwrite = true;
>> }
>>
>>
>
> Why only SYSDBA can overwrite files? I worry only to not change
>user-visible engine behavior. If we decide to change it - it must be
>discussed and documented, imho. Personally I have no objection
>
Opinions?
Adriano