Re: PUBLIC privileges on XDB$ACL
Date: Thu, 19 Jul 2012 06:51:01 -0700 (PDT)
I see no such grant in catqm.sql in 10.2 or 11.2; I expect that this was version 9 behavior and was corrected in later releases to close possible security holes. I do not have a 10.1 installation to check.
From: "david_at_databasesecurity.com" <david_at_databasesecurity.com> To: oracle-l_at_freelists.org
Sent: Wednesday, July 18, 2012 8:31 PM
Subject: PUBLIC privileges on XDB$ACL
I'm trying to track down the source of a overly permissive privilege issue on XDB$ACL. At about Oracle 9.2 when Oracle XML Database is installed it seems catqm.sql (or one of its sub-scripts) executed
"grant all on XDB.XDB$ACL to public"
Current version of Oracle don't, but I'm trying to work out if earlier or
later versions also did this too. Any help would be very much appreciated!
http://www.freelists.org/webpage/oracle-l Received on Thu Jul 19 2012 - 08:51:01 CDT