Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!husc6!cmcl2!brl-adm!angel
From: angel@brl-adm.ARPA (Rick Angelini)
Newsgroups: comp.databases
Subject: More on RTI Security Hole
Message-ID: <9199@brl-adm.ARPA>
Date: Tue, 8-Sep-87 15:39:35 EDT
Article-I.D.: brl-adm.9199
Posted: Tue Sep 8 15:39:35 1987
Date-Received: Thu, 10-Sep-87 02:04:26 EDT
Distribution: na
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 25
Keywords: Ingres Security Hole exists

MORE INVESTIGATION on .....

To: manatt@lll-winken.ARPA
Subject: Re: Security hole in RTI ingres
Newsgroups: comp.databases
-------------------------------------------

I have done further investigation since my previous message about
updating system catalogs ......

Yes, there is indeed a hole in the table permissions. A user may
append/delete/modify any system table, without special flags or special
permissions. There exists a flag in the user profile which determines
whether or not a particular user is permitted to update system tables,
but Ingres appears to ignore that flag. The hardest part of any user
updating the system tables is knowing the names of the system tables,
'cause they don't show up on a 'help' command.

So, to recap, as long as the user uses the Ingres "front ends" such as
Vigraph or Vifred, the system tables will not be corrupted. The worst
that will happen is that there will be two forms of the same name, one
owned by the Db owner, the other owned by the user. However, if the user
gets nasty and goes into "quel" and does a "delete iiqbfinfo\g", that
system table will have zero rows in it. Not very nice, is it?