Subject Re: [IB-Architect] Re: Overwriting external files
Author bschaich@gmx.de
I remember that this was reported a couple of years ago by some Russian
developer who had tried it out. Back then it was possible to write over
everything like password files or programs. Especially nice in Unix
systems that usually are supposed to be secure...
As this was known at Borland (I know because I had the honour to be
employed there;-) they might have done something about it.

Regards,
Benny

julian@... wrote:

> --- In IB-Architect@egroups.com, Jim Starkey <jas@n...> wrote:
> > CERT has published the vulnerability at
> >
> > http://www.kb.cert.org/vuls/id/247371
> >
>
> The CERT vulnerability report says:
>
> + In addition, if the database software is running with root
> + privileges, then any file on the server's file system can be
> + overwritten, possibly leading to execution of arbitrary commands as
> + root.
>
> My testing showed that IB won't overwrite an external file using the
> external table facility and a quick read of the source (jrd/ext.c)
> appears to say so too (not that I am that confident about my source
> reading). While this makes no difference to the ability of IB to
> create trojan horses, I am curious: Can IB overwrite non-gdb files?
>
> Julian