Subject Re: [IB-Architect] Nailing down the external file problem.
Author reed mideke
Dalton Calford wrote:
> Hi,
> > The Unix classic server with TCP/IP starts as root so that it can then
> > change to the credentials of the client who connected, if the client
> > is on the same system or a trusted system (as in /etc/hosts.equiv
> > etc.)
> >
> But what if you never use the unix user login for rights?
> ie, you always specify a user name and password.
> You see, since 90% of our clients use a windows based client, then the
> server always runs as root. It never switches to a unix user.
> Since that is the case, what other issues are against specifying a
> different user for the interbase server?
Maybe someone who knows more history than me can say if it
ever honored the gid/uid that you can set in ISC4.gdb when
you create a user ? Would it break something to do this ?
One might well argue (and several have) that the whole
system needs a re-think, bit this sort of thing seems
severe enough that many would be interested in a short
term fix that plugs the most blatant wholes

Whether or not we make sure we run under non-root, it might be
wise to restrict external files just as we have for UDFs. That
is the default would be interbase/external_tables (or whatever)
and users could add others via ibconfig.

Of course, if the server is running as root the user could
still create a >database< called /etc/passwd, which would make
a dandy DOS.

Anyone tried putting IB in a chroot jail ?

BTW, the situation on NT is pretty bad in the default install,
since the server runs as the system account. Create
an external table called c:\autoexec.bat or whatever.

And in super, could you read/write any database (admittedly as
binary goop) by declaring it as an external table ?

> best regards
> Dalton

Reed Mideke rfm(at)
If that doesn't work: rfm(at)
InterBase build instructions: