Re: PUBLIC privileges on XDB$ACL

  • From: David Fitzjarrell <oratune@xxxxxxxxx>
  • To: "niall.litchfield@xxxxxxxxx" <niall.litchfield@xxxxxxxxx>, "rjoralist2@xxxxxxxxxxxxxxxxxxxxx" <rjoralist2@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 19 Jul 2012 07:51:38 -0700 (PDT)

After checking the entire *xdb* script list on 10.2 I also found it in 
catxdbz.sql.  
 
So I stand corrected.
David Fitzjarrell



________________________________
From: Niall Litchfield <niall.litchfield@xxxxxxxxx>
To: rjoralist2@xxxxxxxxxxxxxxxxxxxxx 
Cc: oracle-l@xxxxxxxxxxxxx 
Sent: Thursday, July 19, 2012 8:23 AM
Subject: Re: PUBLIC privileges on XDB$ACL

Indeed. That line is there in 10.2 as well. In 11.2 there's a comment about
removing the privilege
*Rem    sidicula    01/13/07 - Restrict privileges on ACL tab*

I imagine that this fix is in 11.2 and possibly patchsets to prior releases
where the patchset was released after January 2007.

On Thu, Jul 19, 2012 at 2:48 PM, Rich Jesse <rjoralist2@xxxxxxxxxxxxxxxxxxxxx> wrote:

> David writes:
>
> > I'm trying to track down the source of an overly permissive privilege issue
> > on XDB$ACL. At about Oracle 9.2 when Oracle XML Database is installed it
> > seems catqm.sql (or one of its sub-scripts) executed
> >
> > "grant all on XDB.XDB$ACL to public"
>
> In 10.1.0.5 (AIX), it's in ?/rdbms/admin/catxdbz.sql, apparently from
> 02/19/02 and with a comment of "Make XDB$ACL writeable by all users"
> immediately preceding it.
>
> The "commit" following the GRANT is curious....
>
> Rich
>
> --
> //www.freelists.org/webpage/oracle-l
>
>
>


-- 
Niall Litchfield
Oracle DBA
http://www.orawin.info


--
//www.freelists.org/webpage/oracle-l