Re: PUBLIC privileges on XDB$ACL

From: Rich Jesse <rjoralist2_at_society.servebeer.com>
Date: Thu, 19 Jul 2012 08:48:47 -0500 (CDT)
Message-ID: <253d680aca8d39531717ac18ce42e074.squirrel_at_society.servebeer.com>

David writes:

> I'm trying to track down the source of a overly permissive privilege issue
> on XDB$ACL. At about Oracle 9.2 when Oracle XML Database is installed it
> seems catqm.sql (or one of its sub-scripts) executed
>
> "grant all on XDB.XDB$ACL to public"

In 10.1.0.5 (AIX), it's in ?/rdbms/admin/catxdbz.sql, apparently from 02/19/02 and with a comment of "Make XDB$ACL writeable by all users" immediately preceding it.

The "commit" following the GRANT is curious....

Rich

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Jul 19 2012 - 08:48:47 CDT

This message: [ Message body ]
Next message: David Fitzjarrell: "Re: PUBLIC privileges on XDB$ACL"
Previous message: Tim Hall: "Re: PL/SQL Development Tool Of Choice"
In reply to: david_at_databasesecurity.com: "PUBLIC privileges on XDB$ACL"
Next in thread: Niall Litchfield: "Re: PUBLIC privileges on XDB$ACL"
Reply: Niall Litchfield: "Re: PUBLIC privileges on XDB$ACL"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message