| Subject | Re: Overwriting external files |
|---|---|
| Author | julian@youramigo.com |
| Post date | 2001-01-11T04:51:22Z |
--- In IB-Architect@egroups.com, Jim Starkey <jas@n...> wrote:
+ In addition, if the database software is running with root
+ privileges, then any file on the server's file system can be
+ overwritten, possibly leading to execution of arbitrary commands as
+ root.
My testing showed that IB won't overwrite an external file using the
external table facility and a quick read of the source (jrd/ext.c)
appears to say so too (not that I am that confidant about my source
reading). While this makes no difference to the ability of IB to
create trojan horses, I am curious: Can IB overwrite non-gdb files?
Julian
> Cert has published the vulnerability atThe Cert vulnerability report says:
>
> http://www.kb.cert.org/vuls/id/247371
>
+ In addition, if the database software is running with root
+ privileges, then any file on the server's file system can be
+ overwritten, possibly leading to execution of arbitrary commands as
+ root.
My testing showed that IB won't overwrite an external file using the
external table facility and a quick read of the source (jrd/ext.c)
appears to say so too (not that I am that confidant about my source
reading). While this makes no difference to the ability of IB to
create trojan horses, I am curious: Can IB overwrite non-gdb files?
Julian