At 12:44 PM 5/28/00 +1000, Jan Mikkelsen wrote:
>This seems like an excellent set of marching orders for 6.1.
>An abbreviated list of what I believe needs to be done: On NT an Interbase
>server should run under an non-privileged account, and all the databases
>should be ACLd to only be readable by that account. On Unix systems it
>should run as a non-root user in a chrooted gaol, again with correct
>permissions. The database paths should be administrator configured on the
>server and not accepted from clients. The local protocol should be ignored
>(or removed) until it is fixed. For single user applications, the server
>should be able to run in an application process context, and therefore be
>the restrictions of the user's account. The server should only listen for
>connections on administrator specified ports and interfaces, with specified
>rules for acceptable connections. isc4.gdb should die. &c.
>You can configure an Interbase server to close the most obvious holes in an
>installation; it has been discussed on this and other lists. Developers
>just need to apply their brains, and fix their installation procedures.
>Today, as always, an application developer must provide instructions for
>installing a piece of software securely. It is no one else's
>responsibility. If the developer can't do that, they deserve everything
>they get, and helping them to attempt to pull the wool over everyone's eyes
>doesn't do anyone any good.