IBM Support

IC66047: SELECT WITH INSUFFICIENT COLUMN PERMISSIONS ABENDS IDS IF STATEMENT CACHE ENABLED

APAR status

  • Closed as program error.

Error description

  • A select statement is run by some user without errors and is inserted into
    the statement cache. Then a second user runs the same statement, but this
    user does not have select permission for all columns in the projection
    list. This leads to the error:

      -272    No SELECT permission.

    as expected. But in addition, the ref_cnt for the statement in the cache
    becomes negative (onstat -g ssc):

      lru hash ref_cnt hits flag heap_ptr      database             user
      ---------------------------------------------------------------------
        0  272      -1    1   -F 154dcc038     d                    usr1
        select k from t1

    If a sufficiently privileged user runs the statement again, the ref_cnt
    is increased to 0 while the statement is in use. As a consequence, it can
    be bumped out of that cache and its memory can be reused by another
    statement during that time. This results in an engine crash.

    There is no typical stack trace. At the time of the crash most information
    about the statement (like its text) is wiped out.
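
A check for servers still below the fixed level, as an added example (not IBM's code): it parses `onstat -g ssc` output and reports statement cache entries whose ref_cnt is negative, the precursor state described above. The row layout is assumed from the excerpt in this APAR; the sample text, including its second entry, is constructed.

```python
import re
import sys

# Row layout assumed from the excerpt above:
# lru hash ref_cnt hits flag heap_ptr database user
ROW = re.compile(
    r"^\s*(?P<lru>\d+)\s+(?P<hash>\d+)\s+(?P<ref_cnt>-?\d+)\s+(?P<hits>\d+)"
    r"\s+(?P<flag>\S+)\s+(?P<heap_ptr>[0-9a-fA-F]+)\s+(?P<database>\S+)"
    r"\s+(?P<user>\S+)\s*$"
)

# Constructed sample: entry 1 mirrors the excerpt, entry 2 is a made-up healthy one.
SAMPLE = """\
  lru hash ref_cnt hits flag heap_ptr      database             user
  ---------------------------------------------------------------------
    0  272      -1    1   -F 154dcc038     d                    usr1
    select k from t1
    1  305       0    4   -F 154dd1038     d                    usr2
    select k, v from t1
"""

def parse_ssc(text):
    """Return one dict per cache entry, with its SQL text attached."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            e = m.groupdict()
            for k in ("lru", "hash", "ref_cnt", "hits"):
                e[k] = int(e[k])
            e["sql"] = ""
            entries.append(e)
        elif entries and line.strip().strip("-"):
            # Non-row, non-separator line after a row: statement text.
            entries[-1]["sql"] = (entries[-1]["sql"] + " " + line.strip()).strip()
    return entries

def negative_refcounts(text):
    """Entries whose reference count has gone below zero."""
    return [e for e in parse_ssc(text) if e["ref_cnt"] < 0]

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    bad = negative_refcounts(data)
    for e in bad:
        print(f"ref_cnt={e['ref_cnt']} hash={e['hash']} db={e['database']} user={e['user']} sql={e['sql']!r}")
    sys.exit(1 if bad else 0)
```

Live output can be piped in on standard input (`onstat -g ssc | python3 <script>`); the exit status is 1 when any entry has a negative ref_cnt.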
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * Users with STMT_CACHE enabled and having specific column     *
    * level privileges granted to users                            *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * Users with STMT_CACHE enabled can get into memory corruption *
    * related issues if they have specific column level privilege  *
    * granted to some user and that user tries to select the       *
    * column that he is not granted permission to select.          *
    *                                                              *
    * Also, the same issue can occur if a temp table is created    *
    * with some name, and later a permanent table is created with  *
    * the same name, and the select of the permanent table resides *
    * in the statement cache, and the same select statement is run *
    * on the temp table.                                           *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to 11.50.xC7 and above.                              *
    ****************************************************************
    

Problem conclusion

  • Fixed in 11.50.xC7
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC66047

  • Reported component name

    IBM IDS ENTRP E

  • Reported component ID

    5724L2304

  • Reported release

    B15

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-02-03

  • Closed date

    2010-10-01

  • Last modified date

    2010-10-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IT01463

Fix information

  • Fixed component name

    IBM IDS ENTRP E

  • Fixed component ID

    5724L2304

Applicable component levels

  • RB15 PSY

       UP

Document Information

Modified date:
01 October 2010