DB2 - Problembeschreibung
Problem IC68015 | Status: Geschlossen |
SECURITY: FUNCTIONS ARE NOT INVALIDATED NOR DROPPED ALTHOUGH OWNER LOSES PRIVILEGES VIA PUBLIC TO ACCESS UNDERLYING OBJECTS. | |
Produkt: | |
DB2 FOR LUW / DB2FORLUW / 970 - DB2 | |
Problembeschreibung: | |
When privileges on a database object are revoked from PUBLIC, the dependent functions are not being marked INVALID. Hence, users with execute privilege on the function are still able to call it successfully. If already impacted by this APAR, affected functions should either be dropped and recreated manually or the owner of the functions should be granted sufficient privilege to access underlying database objects as appropriate. | |
Problem-Zusammenfassung: | |
**************************************************************** * USERS AFFECTED: * * All DB2 Version 9.7 GA through to Fix Pack 2 servers * * onLinux, Unix and Windows that rely on privileges to PUBLIC * * tocontrol privileges. * **************************************************************** * PROBLEM DESCRIPTION: * * Incorrect checking leads to an exposure where users arestill * * able to use functions that depend on other databaseobjects, * * for which privileges have been revoked via PUBLIC. * **************************************************************** * RECOMMENDATION: * * Grant privileges explicitly to groups, roles or usersinstead * * of relying on privileges via PUBLIC. * **************************************************************** | |
Local-Fix: | |
Grant and revoke privileges to specific users, groups or roles on database objects that user defined functions depend on instead of to PUBLIC. Otherwise, apply DB2 Version 9.7 Fix Pack 3. | |
verfügbare FixPacks: | |
DB2 Version 9.7 Fix Pack 3a for Linux, UNIX, and Windows | |
Lösung | |
Problem first fixed in DB2 Version 9.7 Fix Pack 3 and all subsequent Fix Packs. | |
Workaround | |
keiner bekannt / siehe Local-Fix | |
Bug-Verfolgung | |
Vorgänger : APAR is sysrouted TO one or more of the following: IC69537 Nachfolger : | |
Weitere Daten | |
Datum - Problem gemeldet : Datum - Problem geschlossen : Datum - der letzten Änderung: | 19.04.2010 14.09.2010 20.09.2010 |
Problem behoben ab folgender Versionen (IBM BugInfos) | |
9.7.FP3 | |
Problem behoben lt. FixList in der Version |