| Subject | Re: [IB-Architect] Nailing down the external file problem. |
|---|---|
| Author | reed mideke |
| Post date | 2000-12-21T08:30:15Z |
Dalton Calford wrote:
ever honored the gid/uid that you can set in ISC4.gdb when
you create a user ? Would it break something to do this ?
One might well argue (and several have) that the whole
system needs a re-think, bit this sort of thing seems
severe enough that many would be interested in a short
term fix that plugs the most blatant wholes
Whether or not we make sure we run under non-root, it might be
wise to restrict external files just as we have for UDFs. That
is the default would be interbase/external_tables (or whatever)
and users could add others via ibconfig.
Of course, if the server is running as root the user could
still create a >database< called /etc/passwd, which would make
a dandy DOS.
Anyone tried putting IB in a chroot jail ?
BTW, the situation on NT is pretty bad in the default install,
since the server runs as the system account. Create
an external table called c:\autoexec.bat or whatever.
And in super, could you read/write any database (admittedly as
binary goop) by declaring it as an external table ?
Reed Mideke rfm(at)cruzers.com
If that doesn't work: rfm(at)portalofevil.com
InterBase build instructions: www.cruzers.com/~rfm
>Maybe someone who knows more history than me can say if it
> Hi,
>
> > The Unix classic server with TCP/IP starts as root so that it can then
> > change to the credentials of the client who connected, if the client
> > is on the same system or a trusted system (as in /etc/hosts.equiv
> > etc.)
> >
>
> But what if you never use the unix user login for rights?
> ie, you always specify a user name and password.
> You see, since 90% of our clients use a windows based client, then the
> server always runs as root. It never switches to a unix user.
> Since that is the case, what other issues are against specifying a
> different user for the interbase server?
>
ever honored the gid/uid that you can set in ISC4.gdb when
you create a user ? Would it break something to do this ?
One might well argue (and several have) that the whole
system needs a re-think, bit this sort of thing seems
severe enough that many would be interested in a short
term fix that plugs the most blatant wholes
Whether or not we make sure we run under non-root, it might be
wise to restrict external files just as we have for UDFs. That
is the default would be interbase/external_tables (or whatever)
and users could add others via ibconfig.
Of course, if the server is running as root the user could
still create a >database< called /etc/passwd, which would make
a dandy DOS.
Anyone tried putting IB in a chroot jail ?
BTW, the situation on NT is pretty bad in the default install,
since the server runs as the system account. Create
an external table called c:\autoexec.bat or whatever.
And in super, could you read/write any database (admittedly as
binary goop) by declaring it as an external table ?
> best regards--
>
> Dalton
>
Reed Mideke rfm(at)cruzers.com
If that doesn't work: rfm(at)portalofevil.com
InterBase build instructions: www.cruzers.com/~rfm