Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!samsung!uunet!odi!dlw
From: dlw@odi.com (Dan Weinreb)
Newsgroups: comp.databases
Subject: Re: Informix queries: raw partitions, price support
Message-ID: <1991Apr26.150939.2069@odi.com>
Date: 26 Apr 91 15:09:39 GMT
References: <461@octelb.octel.UUCP>
Reply-To: dlw@odi.com
Organization: Object Design, Inc.
Lines: 22
In-Reply-To: jfd@octel.UUCP's message of 24 Apr 91 21:36:12 GMT

In article <461@octelb.octel.UUCP> jfd@octel.UUCP (John F. Detke) writes:

			   Informix wants to chmod and chgrp informix /dev/rsd0d
   in order to use raw partitions. Why the heck do they have set-uid root programs
   then? The DBA wants the speed improvements, but I am reluctant to open up /dev
   like this. Am I being too paranoid? 

I don't think I understand.  Informix needs for their Unix process to
be able to access /dev/rsd0d.  They are saying that you should chmod
it to something, and chown it to "informix", in order to grant access
to their process.  It seems that you are saying that you don't like
the idea of doing this, because it would "open up /dev", implying that
this would create a possible security problem.  Instead you are
counter-proposing that they make their program a "setuid root"
program.

If I were paranoid, I might be more worried about letter their process
run as "root" than about setting the access on /dev/rsd0d as they
recommend.  Setting the access will only let their process access that
device, and not others; making their program run as "root" will let
their process access any device whatsoever.  Why would it be more secure
for them to run as "root"?