Channel: SCN: Message List - SAP Adaptive Server Enterprise (SAP ASE) for Custom Applications

Re: Security Bug with sp_rename ?


Nice, same behaviour on 15.7 SP122 on Linux.

The code shows there's no check for user_id if you want to rename a column only.

Code snippet from sp_rename on 15.7:

    /*
    **  Now check to see that the column exists in a table owned
    **  by the user. Don't do this if the user explicitly specified
    **  that this is an index or partition.
    */
    if (@indorcolorpar is null or (@indorcolorpar not in ('index', 'partition')))
    begin
            select @objid = o.id, @colid = c.colid
            from sysobjects o, syscolumns c
            where c.id = @tabobjid
              and c.id = o.id
              and c.name = @colname
              and (   o.sysstat & 7 = 2    /* user table */
                   or o.sysstat & 7 = 3)        /* view */
    end

 

Also checked on old version 15.0, there's the proper check:

    and sysobjects.uid = user_id()
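
Added example, not part of the original post and not the shipped sp_rename source: the 15.7 column lookup quoted above with the owner predicate from 15.0 restored, rewritten as `o.uid` to match the snippet's table alias. The table name, column name and printed messages are constructed placeholders, and treating a missing row as a refusal is an assumption about how the procedure handles it.

```sql
-- Added illustration; variable names follow the quoted snippet.
declare @tabobjid int, @objid int, @colid int, @colname varchar(255)

select @tabobjid = object_id('example_table'),   -- hypothetical table
       @colname  = 'example_col'                 -- hypothetical column

/*
**  Column lookup as in the 15.7 snippet, plus the ownership
**  predicate the post reports seeing in 15.0.
*/
select @objid = o.id, @colid = c.colid
from sysobjects o, syscolumns c
where c.id = @tabobjid
  and c.id = o.id
  and c.name = @colname
  and o.uid = user_id()            /* caller must own the object */
  and (   o.sysstat & 7 = 2        /* user table */
       or o.sysstat & 7 = 3)       /* view */

/*
**  No row assigned means the column does not exist or the table
**  belongs to another user; either way the rename must not proceed.
*/
if @objid is null
    print 'column not found in an object owned by the current user'
else
    print 'ownership check passed'
```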

