Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!cs.utexas.edu!uunet!mcsun!ukc!reading!riddle!john
From: john@riddle.UUCP (Jonathan Leffler)
Newsgroups: comp.databases
Subject: Re: Which RDBMS need setUID root?  Informix?
Keywords: Unix, Security
Message-ID: <1053@riddle.UUCP>
Date: 30 Nov 89 18:27:53 GMT
References: <6006@cbnewsh.ATT.COM> <7186@sybase.sybase.com>
Reply-To: john@sphinx.co.uk (Jonathan Leffler)
Organization: Sphinx Ltd., Maidenhead, England
Lines: 20

In article <6006@cbnewsh.ATT.COM> wcs@cbnewsh.ATT.COM (Bill Stewart 201-949-0705 ho95c.att.com!wcs) writes:
>We're trying to pick an RDBMS to do applications in a secure computer
>environment, so we need to find one that doesn't use setUID root.
>SetUID to some specific user is ok, but root is out.
>
>What's out there?  ....

The only reason Informix uses SUID root for anything is to kick
the ulimit sky-high so that the database agent can create big
database files.  Once it has done that, it resets its UID to the
users real UID.  If you can manage to live within the system wide
ulimit, you can reset the SUID root programs so that they are
simply SGID informix (they can also be owned by user informix).

Notes: Prior to ISQL 2.10 (I4GL 1.10), two programs were SUID
root, namely $INFORMIXDIR/bin/sperform and $INFORMIXDIR/lib/sqlexec.
Since then, only $INFORMIXDIR/lib/sqlexec is SUID root.

Jonathan Leffler (john@sphinx.co.uk)
#include <disclaimer.h>


Brought to you by Super Global Mega Corp .com