Re: PUBLIC privileges on XDB$ACL

From: Niall Litchfield <niall.litchfield_at_gmail.com>
Date: Thu, 19 Jul 2012 15:23:00 +0100
Message-ID: <CABe10san1gSz5zdDZuDDc78cpzF04hhBkkkQRqCAN2vsyfK8QA_at_mail.gmail.com>

Indeed. That line is there in 10.2 as well. In 11.2 there's a comment about removing the privilege
*Rem sidicula 01/13/07 - Restrict privileges on ACL tab*

I imagine that this fix is in 11.2 and possibly patchsets to prior releases where the patchset was released after January 2007.

On Thu, Jul 19, 2012 at 2:48 PM, Rich Jesse < rjoralist2_at_society.servebeer.com> wrote:

> David writes:
>
> > I'm trying to track down the source of a overly permissive privilege
> issue
> > on XDB$ACL. At about Oracle 9.2 when Oracle XML Database is installed it
> > seems catqm.sql (or one of its sub-scripts) executed
> >
> > "grant all on XDB.XDB$ACL to public"
>
> In 10.1.0.5 (AIX), it's in ?/rdbms/admin/catxdbz.sql, apparently from
> 02/19/02 and with a comment of "Make XDB$ACL writeable by all users"
> immediately preceding it.
>
> The "commit" following the GRANT is curious....
>
> Rich
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

-- 
Niall Litchfield
Oracle DBA
http://www.orawin.info


--
http://www.freelists.org/webpage/oracle-l

Received on Thu Jul 19 2012 - 09:23:00 CDT

This message: [ Message body ]
Next message: David Fitzjarrell: "Re: PUBLIC privileges on XDB$ACL"
Previous message: Rich Jesse: "RE: EM 12c Agent Install - Windows"
In reply to: Rich Jesse: "Re: PUBLIC privileges on XDB$ACL"
Next in thread: David Fitzjarrell: "Re: PUBLIC privileges on XDB$ACL"
Reply: David Fitzjarrell: "Re: PUBLIC privileges on XDB$ACL"
Reply: david_at_databasesecurity.com: "Re: PUBLIC privileges on XDB$ACL"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message