"Martijn Tonies" <martijn@...> wrote in message
news:D09B3AA2992AD611AA5200AA004126EEDE6A@SRV_BISIT...

> Hi,
> > >
> > > The fact that any user can create external tables, and thus has in

fact

> the
> > > same file access privileges that the IB service has, I a huge security
> > > hole IMHO, unless anyone convinces me otherwise.

> I wonder, with FB, does the single file handle causes this problem to be
> fixed?

Originally it was fixed in Win32. Mike set up the flags so only the engine
would have exclusive access to the gdbs, but Ann relaxed the rule so the
engine has exclusive write access but allows shared reading. The reason is
that some tools insist in peeking at the gdb directly. Besides that, it's
not a total solution even if you deny anyone else R/W rights: the intruder
could map a db that's not currently in use.

I think I pointed out a year ago that external files are a nice way to
rewrite the ibconfig file. Once done, the intruder could add a UDF directory
to the engine's authorized paths. After that, the intruder can attempt to
load a rogue UDF in that added directory where that person has R/W rights to
copy it. The temp dir, for example.

C.
--
Claudio Valderrama C. - http://www.cvalde.com - http://www.firebirdSql.org
Independent developer
Owner of the Interbase® WebRing