Re: PUBLIC privileges on XDB$ACL

  • From: David Fitzjarrell <oratune@xxxxxxxxx>
  • To: "david@xxxxxxxxxxxxxxxxxxxx" <david@xxxxxxxxxxxxxxxxxxxx>, "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
  • Date: Thu, 19 Jul 2012 06:51:01 -0700 (PDT)

I see no such grant in catqm.sql in 10.2 or 11.2; I expect that this was 
version 9 behavior and was corrected in later releases to close possible 
security holes.  I do not have a 10.1 installation to check.

David Fitzjarrell

From: "david@xxxxxxxxxxxxxxxxxxxx" <david@xxxxxxxxxxxxxxxxxxxx>
To: oracle-l@xxxxxxxxxxxxx 
Sent: Wednesday, July 18, 2012 8:31 PM
Subject: PUBLIC privileges on XDB$ACL

Hey all,
I'm trying to track down the source of a overly permissive privilege issue 
on XDB$ACL. At about Oracle 9.2 when Oracle XML Database is installed it 
seems catqm.sql (or one of its sub-scripts) executed

"grant all on XDB.XDB$ACL to public"

Current version of Oracle don't, but I'm trying to work out if earlier or 
later versions also did this too. Any help would be very much appreciated!



Other related posts: