Subject Re: Overwriting external files
--- In, Jim Starkey <jas@n...> wrote:
> Cert has published the vulnerability at

The Cert vulnerability report says:

+ In addition, if the database software is running with root
+ privileges, then any file on the server's file system can be
+ overwritten, possibly leading to execution of arbitrary commands as
+ root.

My testing showed that IB won't overwrite an external file using the
external table facility and a quick read of the source (jrd/ext.c)
appears to say so too (not that I am that confidant about my source
reading). While this makes no difference to the ability of IB to
create trojan horses, I am curious: Can IB overwrite non-gdb files?