DERBY-1708

Unprivileged user can perform lock table statement on a table on which he/she does not have any access rights

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.2.1.6
    • Fix Version/s: 10.2.1.6, 10.3.1.4
    • Component/s: SQL
    • Labels:
      None
    • Environment:
      Sun JDK 1.4.2
    • Urgency:
      Urgent

      Description

      An unprivileged user was able to lock a table which he/she does not own, e.g.:

      ij version 10.2
      ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
      WARNING 01J14: SQL authorization is being used without first enabling authentication.
      ij> create table t1 (i int);
      0 rows inserted/updated/deleted
      ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
      WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
      WARNING 01J14: SQL authorization is being used without first enabling authentication.
      ij(USER2)> autocommit off;
      ij(USER2)> lock table user1.t1 in exclusive mode;
      0 rows inserted/updated/deleted

      sysinfo:
      ------------------ Java Information ------------------
      Java Version: 1.4.2_12
      Java Vendor: Sun Microsystems Inc.
      Java home: C:\Program Files\Java\j2re1.4.2_12
      Java classpath: derby.jar;derbytools.jar;.
      OS name: Windows XP
      OS architecture: x86
      OS version: 5.1
      Java user name: Yip
      Java user home: C:\Documents and Settings\Yip
      Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
      java.specification.name: Java Platform API Specification
      java.specification.version: 1.4
      --------- Derby Information --------
      JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
      [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
      [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903)
      ------------------------------------------------------
      ----------------- Locale Information -----------------
      Current Locale : [English/United States [en_US]]
      Found support for locale: [de_DE]
      version: 10.2.1.0 - (430903)
      Found support for locale: [es]
      version: 10.2.1.0 - (430903)
      Found support for locale: [fr]
      version: 10.2.1.0 - (430903)
      Found support for locale: [it]
      version: 10.2.1.0 - (430903)
      Found support for locale: [ja_JP]
      version: 10.2.1.0 - (430903)
      Found support for locale: [ko_KR]
      version: 10.2.1.0 - (430903)
      Found support for locale: [pt_BR]
      version: 10.2.1.0 - (430903)
      Found support for locale: [zh_CN]
      version: 10.2.1.0 - (430903)
      Found support for locale: [zh_TW]
      version: 10.2.1.0 - (430903)
      ------------------------------------------------------

      1. derby1708-10.2-diff01.txt
        4 kB
        Yip Ng
      2. derby1708-10.2-stat01.txt
        0.3 kB
        Yip Ng
      3. derby1708-trunk-diff01.txt
        4 kB
        Yip Ng
      4. derby1708-trunk-stat01.txt
        0.3 kB
        Yip Ng

          Activity

          Rajesh Kartha added a comment -

          This issue needs resolution for 10.2, hence bumping the urgency.

          Yip Ng added a comment -

          Attaching patch for DERBY-1708 for 10.2. The problem is that the lock table statement is missing the logic to collect the required privilege at compilation phase; thus, it fails to enforce the required privilege needed by the statement at execution time. Running derbyall now. The patch is ready for review.
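
The root cause described in the comment above, modelled as an added Java example that is not Derby's code and not part of the original comment. Every class and method name is hypothetical, the choice of SELECT as the required privilege is an assumption (the page does not name it), and the empty grant table for USER2 is constructed sample data.

```java
import java.util.*;

// Added illustration; every name here is hypothetical, none is Derby's API.
public class PrivilegeCollectionDemo {
    record TablePriv(String table, String priv) {}
    // Result of compilation: the statement text plus the privileges it requires.
    record Plan(String sql, Set<TablePriv> required) {}
    interface StatementNode { Plan bind(); }

    // Before the fix: the node binds the table but collects no privilege.
    static StatementNode lockTableBefore(String table) {
        return () -> new Plan("LOCK TABLE " + table + " IN EXCLUSIVE MODE", Set.of());
    }

    // After the fix: the node records a privilege for execution to enforce.
    // The page does not say which privilege; SELECT is an assumption.
    static StatementNode lockTableAfter(String table) {
        return () -> new Plan("LOCK TABLE " + table + " IN EXCLUSIVE MODE",
                              Set.of(new TablePriv(table, "SELECT")));
    }

    // Execution-time check: it can only enforce what compilation collected.
    static String execute(Plan plan, String user, String owner,
                          Map<String, Set<TablePriv>> grants) {
        for (TablePriv need : plan.required()) {
            boolean allowed = user.equals(owner)
                    || grants.getOrDefault(user, Set.of()).contains(need);
            if (!allowed) {
                return "DENIED: " + user + " lacks " + need.priv() + " on " + need.table();
            }
        }
        return "OK";
    }

    // Regression guard: flag any table-touching node that collects nothing.
    static List<String> nodesWithoutPrivileges(Map<String, StatementNode> nodes) {
        List<String> missing = new ArrayList<>();
        nodes.forEach((name, node) -> {
            if (node.bind().required().isEmpty()) missing.add(name);
        });
        return missing;
    }

    public static void main(String[] args) {
        Map<String, Set<TablePriv>> grants = Map.of(); // constructed: USER2 holds no grants
        System.out.println(execute(lockTableBefore("USER1.T1").bind(), "USER2", "USER1", grants));
        System.out.println(execute(lockTableAfter("USER1.T1").bind(), "USER2", "USER1", grants));
        System.out.println(nodesWithoutPrivileges(Map.of("lockTableBefore", lockTableBefore("USER1.T1"))));
    }
}
```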

          Yip Ng added a comment -

          derbyall passes, no new regression introduced with this patch.

          Mike Matrigali added a comment -

          it looks like this patch no longer applies as there have been subsequent changes to the grantRevokeddl test, could you submit a new patch:

          m3_142:131>patch --dry-run -p0 -i c:/tmp/derby1708-10.2-diff01.txt
          patching file `java/engine/org/apache/derby/impl/sql/compile/LockTableNode.java'

          patching file `java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql'
          Hunk #1 FAILED at 1782.
          1 out of 1 hunk FAILED -- saving rejects to java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql.rej
          patching file `java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out'
          Hunk #1 FAILED at 2834.
          1 out of 1 hunk FAILED -- saving rejects to java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out.rej

          Yip Ng added a comment -

          Submitting patch derby1708-trunk.diff01.txt for trunk.

          Rick Hillegas added a comment -

          Assign to 10.2.

          Mike Matrigali added a comment -

          I am looking at building/testing this patch against the trunk, would appreciate at least one other person to review.

          Mike Matrigali added a comment -

          committed to trunk:
          m1_142:148>svn commit

          Sending java\engine\org\apache\derby\impl\sql\compile\LockTableNode.java
          Sending java\testing\org\apache\derbyTesting\functionTests\master\grantRevokeDDL.out
          Sending java\testing\org\apache\derbyTesting\functionTests\tests\lang\grantRevokeDDL.sql
          Transmitting file data ...
          Committed revision 434577.

          Mamta A. Satoor added a comment -

          I realize that the patch for this jira entry is already committed but just wanted to share that I reviewed the patch and it looks good. Thanks, Yip.

          Yip Ng added a comment -

          Thanks for taking the time to review the patch, Mamta.

          Yip Ng added a comment -

          Thanks for reviewing and committing the patch, Mike.

          Rick Hillegas added a comment -

          Ported DERBY-1708 (434577) to 10.2 branch at subversion revision 436929.

          Mike Matrigali added a comment -

          patch has been applied to trunk and 10.2, unchecking patch available.

          Andrew McIntyre added a comment -

          This issue has been resolved for over a year with no further movement. Closing.


            People

            • Assignee:
              Yip Ng
              Reporter:
              Yip Ng