Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uunet!van-bc!tacitus!clh From: clh@tacitus.tfic.bc.ca (Chris Hermansen) Newsgroups: comp.databases Subject: Re: Which RDBMS need setUID root? Informix? Keywords: Unix, Security Message-ID: <129@tacitus.tfic.bc.ca> Date: 27 Nov 89 21:15:54 GMT References: <6006@cbnewsh.ATT.COM> <1989Nov24.092221.15741@agsm.ucla.edu> <1023@maxim.erbe.se> Reply-To: clh@tfic.bc.ca (Chris Hermansen) Organization: Timberline Forest Inventory Consultants, Vancouver BC Lines: 61 In article <1023@maxim.erbe.se> prc@erbe.se (Robert Claeson) writes: >In article <1989Nov24.092221.15741@agsm.ucla.edu>, ggordon@agsm.ucla.edu (Glen Gordon) writes: > >> In article <6006@cbnewsh.ATT.COM> wcs@cbnewsh.ATT.COM (Bill Stewart ) writes: > >> >We're trying to pick an RDBMS to do applications in a secure computer >> >environment, so we need to find one that doesn't use setUID root. >> >SetUID to some specific user is ok, but root is out. > >> We are using Informix esqlc and 4gl on an HP9000 S850, >> set-uid informix, and everything works fine. Given a few more details, >> I am more than willing to help you figure out why it doesn't work for you. > >As far as I know, Informix needs to be SUID root so it can bump the ulimit >out of sight. After having done that, it reverts to non-SUID. I believe you >cannot remove the SUID from informix, since it checks for error returns and >aborts if the ulimit couldn't be changed. Well, we use Informix SQL on Sun 3's, and here's what our informix bin directory looks like: tacitus% ls -lg /usr/informix/bin total 3199 -rwxr-xr-x 1 informix informix 90112 Jan 8 1989 bcheck -rwsr-sr-x 1 root informix 24576 Jan 8 1989 changrp -rwxr-xr-x 1 informix informix 204800 Jan 8 1989 dbconvert -rwxr-xr-x 1 informix informix 131072 Jan 8 1989 dbload -rwxr-xr-x 1 informix informix 139264 Jan 8 1989 dbschema -rwxr-xr-x 1 informix informix 163840 Jan 8 1989 dbupdate -rwxr-xr-x 1 informix informix 155648 Jan 8 1989 deccon -rwxr-xr-x 1 informix informix 434176 Jan 8 1989 isql -rwxr-xr-x 1 informix informix 4125 Jan 8 1989 isqldemo -rwsr-sr-x 1 root informix 24576 Jan 8 1989 mkdbsdir -rwxr-xr-x 1 informix informix 434176 Jan 8 1989 sacego -rwxr-xr-x 1 informix informix 434176 Jan 8 1989 saceprep -rwxr-xr-x 1 informix informix 1437 Jan 8 1989 salesdemo -rwxr-xr-x 1 informix informix 434176 Jan 8 1989 sformbld -rwxr-xr-x 1 informix informix 434176 Jan 8 1989 sperform -rwxr-xr-x 1 informix informix 81920 Jan 8 1989 sqlconv tacitus% Note that only `changrp' and `mkdbsdir' are setuid root here; I would *guess* that these only get used under certain limited circumstances that the user might be able to avoid. However, the situation in the lib directory is more ominous: tacitus% ls -lg /usr/informix/lib total 344 -rwsr-sr-x 1 root informix 278528 Jan 8 1989 sqlexec -rwxr-xr-x 1 informix informix 65536 Jan 8 1989 sqlexecd tacitus% Note here that `sqlexec', the database agent, is setuid root. Perhaps Mr. Claeson is correct? I must admit that I have never tried to chown sqlexec... Chris Hermansen Timberline Forest Inventory Consultants Voice: 1 604 733 0731 302 - 958 West 8th Avenue FAX: 1 604 733 0634 Vancouver B.C. CANADA uunet!ubc-cs!van-bc!tacitus!clh V5Z 1E5 Brought to you by Super Global Mega Corp .com