Subject | Re: [firebird-support] security and local Linux users |
---|---|
Author | Ian Barwick |
Post date | 2004-08-15T09:41:35Z |
On Sunday 15 August 2004 01:15, Helen Borrie wrote:
> At 09:45 PM 14/08/2004 +0200, you wrote:
(...)
> >My questions are:
> >- is this normal behaviour for Firebird?
>
> Yes. Except for Win32 embedded, you can't connect to a database without a
> valid username and password. And only the sysdba can add or change users
> and passwords.

As I thought...

> >- how can I force local users only to connect with a valid database
> >username /
> >password?
>
> They don't have any option.

On my system(s) it appears they do. See below...

(...)

> If "anyone" is able to connect to any database locally without providing
> user name and password, then you have the ISC_USER and ISC_PASSWORD
> variables in your world-readable environment. That is not cool. Yesterday
> you were looking for ways to avoid typing passwords...you can't have butter
> on both sides of the bread.

Exactly... and I double checked for that, and just to be on the safe side I
installed the same RPM on another Linux system - same results.

> No user except sysdba, root and the database owner can see anything inside
> a database unless it has SQL permissions for the objects it wants to see,
> and their dependencies.

These are the steps I have just carried out on a third Linux system which has
never had Firebird on it:
1. Download this RPM: FirebirdSS-1.5.1.4481-0.i686.rpm;
2. Install as root;
3. Check there are no environment variables beginning with ISC_ or containing
SYSDBA;
4. As a local user (i.e. not root, and with no Firebird relevant environment
variables set...) issue:
/opt/firebird/bin/isql /opt/firebird/examples/employee.fdb
I can then access the database, update data, create tables, and
SELECT user FROM RDB$DATABASE gives me the name of the current Linux user.
I can also open security.fdb and view all entries in the table users. I cannot
drop any database objects though.
/opt/firebird/bin/isql localhost:/opt/firebird/examples/employee.fdb
has the same result;
/opt/firebird/bin/isql server:/opt/firebird/examples/employee.fdb
(where server resolves to the machine's external IP) requires a valid database
login.
By changing the "RemoteBindAddress" parameter in firebird.conf to the external
IP only I can "work round" and force authentication.
On the other hand (flash of inspiration), when I download and install the
Classic version (FirebirdCS-1.5.1.4481-0.i686.rpm), things work as expected
- I can only log in with a valid user account, at this point SYSDBA.
Is there some difference between the Super and Classic security models? Or
possibly a problem with the Superserver RPM?

> However, there's one nasty: any user with a valid login can CREATE (and
> thus OWN) a database, or create (and thus own) new objects in an existing
> database. In v.1.5 and on, you can help to make it harder by using path
> aliasing and also restricting the locations where the server is allowed to
> read or write database files (DatabaseAccess in firebird.conf).

Do you mean valid Firebird login?

Sorry to keep bugging you on this.

Ian Barwick
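As an added example that is not part of the original post and not Firebird project code, the shell script below turns the checks this exchange relies on into reusable functions: the environment scan from step 3 (variables beginning with ISC_ or containing SYSDBA, which would let isql log in silently), and a read-out of the two firebird.conf parameters named in the thread, RemoteBindAddress (Ian's workaround) and DatabaseAccess (Helen's recommendation). The function names, the two sample firebird.conf texts and the address 192.0.2.10 are constructed for this example; the parameter and variable names are the ones the thread mentions.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Firebird project.
# Function names, sample firebird.conf contents and the address 192.0.2.10
# are constructed for this example.

# Names of environment variables that would let isql log in without prompting:
# names beginning with ISC_ (ISC_USER, ISC_PASSWORD) plus any variable whose
# name or value contains SYSDBA. One name per line; empty output means clean.
fb_env_leak() {
    env | grep -E '^ISC_[A-Za-z0-9_]*=|SYSDBA' | cut -d= -f1 | sort -u
}

# Effective value of one firebird.conf parameter read from stdin. Lines that
# start with '#' are comments (the shipped file has every parameter commented
# out at its default), so only uncommented "Key = Value" lines count; the last
# such line wins. Prints the supplied default when the key is not set.
fb_conf_get() {
    key="$1"; default="$2"
    val=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" \
          | sed 's/[[:space:]]*$//' | tail -n 1)
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$default"; fi
}

# Summarise the two settings the thread discusses for a conf passed as text.
# RemoteBindAddress unset means the server listens on every interface,
# loopback included; DatabaseAccess defaults to Full (any path on the box).
# Writes both effective values to stderr and prints "ok" when the address is
# pinned and database locations are limited (Restrict ... or None), else "weak".
fb_conf_audit() {
    conf="$1"
    bind=$(printf '%s\n' "$conf" | fb_conf_get RemoteBindAddress "")
    access=$(printf '%s\n' "$conf" | fb_conf_get DatabaseAccess Full)
    printf 'RemoteBindAddress=%s\n' "${bind:-<unset: all interfaces>}" >&2
    printf 'DatabaseAccess=%s\n' "$access" >&2
    case "$access" in
        Restrict*|None) access_ok=1 ;;
        *)              access_ok=0 ;;
    esac
    if [ -n "$bind" ] && [ "$access_ok" -eq 1 ]; then echo ok; else echo weak; fi
}

# Constructed sample: the conf as shipped, every parameter still commented out.
FB_CONF_DEFAULT='# firebird.conf (constructed sample)
#RemoteBindAddress =
#DatabaseAccess = Full
RemoteServiceName = gds_db
'

# Constructed sample: the same file with the workaround from the thread
# (RemoteBindAddress pinned to the external address) plus DatabaseAccess
# limited to the examples directory, as Helen suggests.
FB_CONF_HARDENED='# firebird.conf (constructed sample)
RemoteBindAddress = 192.0.2.10
DatabaseAccess = Restrict /opt/firebird/examples
'

# Stand-alone run: report on the current environment and both sample files.
echo "Environment variables to clear before testing:"; fb_env_leak
echo "Default conf:";  fb_conf_audit "$FB_CONF_DEFAULT"
echo "Hardened conf:"; fb_conf_audit "$FB_CONF_HARDENED"
```

Run it as the local (non-root) user immediately before step 4 so the result describes the same environment isql will inherit; an empty list from fb_env_leak confirms that the ISC_USER/ISC_PASSWORD explanation can be ruled out, which is what the reproduction on a fresh system depends on. Against a live installation, feed the real file with `fb_conf_audit "$(cat /opt/firebird/firebird.conf)"`; a default install reports "weak", which is the configuration Ian started from. The script only reports the settings; it does not explain why the Superserver RPM accepts unauthenticated local connections, a question the thread leaves open.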