Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-6411

Minimal select privilege should be checked in subqueries

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.10.1.1
    • 10.10.2.0, 10.11.1.1
    • SQL
    • None

    Description

      DERBY-4191 added checks for minimal select privilege in cases where a SELECT query didn't access any actual column in the base table, such as SELECT COUNT FROM USER1.T and SELECT 1 FROM USER1.T. That privilege checking is only done for top-level SELECT statements. It should also be done for subqueries.

      Examples of queries where Derby does not currently check for minimal select privileges on the accessed tables (performed as USER2, which has no privileges on any of USER1's tables):

      SELECT * FROM (SELECT COUNT FROM USER1.T) S

      SELECT 1 FROM USER1.T UNION SELECT 2 FROM USER1.T

      INSERT INTO USER2.T SELECT 1 FROM USER1.T

      I believe that the above statements should have failed, but currently they succeed.

      Attachments

        1. d6411-1a.diff
          17 kB
          Knut Anders Hatlen

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. DERBY-4191 Lack of SELECT privilege does not prevent SELECT COUNT(*)

          • Major - Major loss of function.
          • Closed

          Activity

            People

              knutanders Knut Anders Hatlen
              knutanders Knut Anders Hatlen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: