| Subject | Re: [Firebird-Architect] Security question (was: CVS: firebird2/src/jrd jrd.cpp,1.206,1.207) |
|---|---|
| Author | Dmitry Yemanov |
| Post date | 2005-05-01T14:34:22Z |
"Adriano dos Santos Fernandes" <adrianosf@...> wrote:
database creation:
1) Database exists - overwrite is allowed for SYSDBA/owner
2) File exists, but this is not a FB database - ???
3) File doesn't exist - creation is allowed for every user
AFAIU, item (1) is partially broken now, because the status vector is not
cleared for a handled error.
Item (2) requires more thinking. The legacy behaviour is that every user can
overwrite non-database files. Another possible option is to restrict such an
operation to SYSDBA only. And we also could reject all such attempts. I'd
suggest that we rollback to the legacy behaviour for Alpha 2 and continue
thinking after that. I'd pretty much hate to defer the Alpha 2 release
because of that as well as release it incompatible with older versions.
Dmitry
>In other words, we have three ways to process the overwrite flag during
> Talking about SF #1155520.
> I missed in the bug report that non-database files can be everwrited too.
database creation:
1) Database exists - overwrite is allowed for SYSDBA/owner
2) File exists, but this is not a FB database - ???
3) File doesn't exist - creation is allowed for every user
AFAIU, item (1) is partially broken now, because the status vector is not
cleared for a handled error.
Item (2) requires more thinking. The legacy behaviour is that every user can
overwrite non-database files. Another possible option is to restrict such an
operation to SYSDBA only. And we also could reject all such attempts. I'd
suggest that we rollback to the legacy behaviour for Alpha 2 and continue
thinking after that. I'd pretty much hate to defer the Alpha 2 release
because of that as well as release it incompatible with older versions.
Dmitry