Function AUTHNAME causes core
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Trafodion | New | Low | Roberta Marton | |
Bug Description
The AUTHNAME function converts an authorization ID into its character representation. It does this by reading the AUTHS table via the ID and retrieving the database name. If someone tries to run this command and they do not have SELECT privilege on the AUTHS table, either an unexpected error is returned or a core dump is generated.
To recreate:
initialize authorization;
grant select on "_MD_".objects to sql_user1;
grant select on "_PRIVMGR_MD_".object_privileges to sql_user1;
sqlci -u sql_user
select distinct
substring (object_name,1,40) as object_name,
object_type as type,
substring(
substring(
sch.
sch.
from "_PRIVMGR_
where object_uid in
(select object_uid
from "_MD_".objects
where schema_name like 'T134_%')
order by 1, 2, 3, 4, 5
;
*** ERROR[8731] 33335 could not be verified as a valid database authorization ID. There was a problem reading metadata. An internal query returned SQLCODE -4481.
Error 4481 means you don’t have the privilege and sql_user1 does not have the SELECT privilege on the AUTHS table.
If you execute the request a second time, you get a core dump with the following stack trace. It looks like the destructor from the ComDiags is failing. Maybe it's occurring because some memory has already been deleted before the ComDiags destructor gets called.
Program received signal SIGABRT, Aborted.
0x00000033ef8328a5 in raise () from /lib64/libc.so.6
(gdb) bt
#0 0x00000033ef8328a5 in raise () from /lib64/libc.so.6
#1 0x00000033ef834085 in abort () from /lib64/libc.so.6
#2 0x00007ffff70e6a55 in os::abort(bool) () from /opt/home/
#3 0x00007ffff7266f87 in VMError:
#4 0x00007ffff70eb96f in JVM_handle_
#5 <signal handler called>
#6 0x00007ffff42f6e10 in NAHeapFragment:
#7 0x00007ffff42f7f7d in NAHeap:
at ../common/
#8 0x00007ffff42f83f3 in NAHeap:
at ../common/
#9 0x00007ffff42f39e3 in NAHeap:
at ../common/
#10 0x00007ffff42eec0f in NAMemory:
at ../common/
#11 0x00007ffff5bfdb88 in NACollection<
at ../common/
#12 0x00007ffff5bfd09f in NACollection<
__in_
#13 0x00007ffff5bfc52e in NAList<
__in_
#14 0x00007ffff5bf78b3 in ComDiagsArea:
at ../export/
#15 0x00007ffff5bfb4bf in ComDiagsArea:
#16 0x00007ffff5eb5ad3 in ComDiagsArea:
#17 0x00007ffff5bf3f0c in ComDiagsArea:
#18 0x00007ffff5ea1820 in atp_struct:
#19 0x00007ffff48218f0 in atp_struct::release (this=0x7fffe89
#20 0x00007ffff488ba30 in ex_queue:
#21 0x00007ffff488b08a in ex_queue::~ex_queue (this=0x7fffe89
at ../executor/
#22 0x00007ffff488b0fa in ex_queue::~ex_queue (this=0x7fffe89
at ../executor/
#23 0x00007ffff48afcae in ExSortTcb:
#24 0x00007ffff48afb6c in ExSortTcb:
at ../executor/
#25 0x00007ffff48afc14 in ExSortTcb:
at ../executor/
#26 0x00007ffff485885f in ex_globals:
#27 0x00007ffff48586e1 in ex_globals:
#28 0x00007ffff483948c in ExExeStmtGlobal
---Type <return> to continue, or q <return> to quit---
at ../executor/
#29 0x00007ffff4839ef9 in ExMasterStmtGlo
at ../executor/
#30 0x00007ffff4892c52 in ex_root_
0x7fffe89fa3e8) at ../executor/
#31 0x00007ffff5ef4c67 in CliStatement:
#32 0x00007ffff5ef4e28 in CliStatement:
#33 0x00007ffff5ee6bb2 in CliStatement:
at ../cli/
#34 0x00007ffff5ee76c4 in CliStatement:
at ../cli/
#35 0x00007ffff5ea9a60 in ContextCli:
at ../cli/
#36 0x00007ffff5e74af7 in SQLCLI_DeallocStmt (cliGlobals=
#37 0x00007ffff5f067a9 in SQL_EXEC_
#38 0x00007ffff79b58db in SqlCmd::deallocate (sqlci_
#39 0x00007ffff79b5e4e in DML::process (this=0x184ff20, sqlci_env=0xb88420) at ../sqlci/
#40 0x00007ffff799fbba in SqlciEnv:
at ../sqlci/
#41 0x00007ffff799f2fb in SqlciEnv::run (this=0xb88420) at ../sqlci/
#42 0x0000000000402089 in main (argc=3, argv=0x7fffffff
Changed in trafodion:
importance: Undecided → High
assignee: nobody → Roberta Marton (roberta-marton)
milestone: none → r2.0
tags: added: sql-security
Changing priority of this bug since I am unable to recreate a core dump for either release or debug builds. All attempts to recreate return:
*** ERROR[8731] 33333 could not be verified as a valid database authorization ID. There was a problem reading metadata. An internal query returned SQLCODE -4481.
*** ERROR[8417] An error occurred during the evaluation of USER function. The provided userid is invalid, incorrect, obsolete or inexistent and could not be converted to username.
--- 0 row(s) selected.
For a future release, we could add code to allow the authname function to work when someone does not have select priv on the AUTHS table.