wcs) (11/22/89)
We're trying to pick an RDBMS to do applications in a secure computer environment, so we need to find one that doesn't use setUID root. SetUID to some specific user is ok, but root is out. What's out there? The current versions of our application use Informix, but it appears to need root; are we mistaken, or will we have to can it and use something else? Has anybody taken it and turned off setUID? Thanks; Bill -- # Bill Stewart, AT&T Bell Labs 4M312 Holmdel NJ 201-949-0705 api.att.com!wcs # We did it for the formlessness ...
mike@raven.TELCOM.TEK.COM (Mike Ewan) (11/23/89)
In article <6006@cbnewsh.ATT.COM> wcs@cbnewsh.ATT.COM (Bill Stewart 201-949-0705 ho95c.att.com!wcs) writes: >We're trying to pick an RDBMS to do applications in a secure computer >environment, so we need to find one that doesn't use setUID root. >SetUID to some specific user is ok, but root is out. As far as I know Ingres from Relational Technologies does not use setuid root binaries. There are some setuid rtingres applications, but the rtingres user id can be anything. Mike -- Michael Ewan (503)627-6468 Internet: mike@raven.USS.TEK.COM Unix Systems Support UUCP: ...!tektronix!puffin!raven!mike Tektronix, Inc. Compuserv: 73747,2304 "Fig Newton: The force required to accelerate a fig 39.37 inches/sec."--J. Hart
tim@binky.sybase.com (Tim Wood) (11/23/89)
In article <6006@cbnewsh.ATT.COM> wcs@cbnewsh.ATT.COM (Bill Stewart 201-949-0705 ho95c.att.com!wcs) writes: >We're trying to pick an RDBMS to do applications in a secure computer >environment, so we need to find one that doesn't use setUID root. >SetUID to some specific user is ok, but root is out. > >What's out there? .... >-- ># Bill Stewart, AT&T Bell Labs 4M312 Holmdel NJ 201-949-0705 api.att.com!wcs Sybase doesn't use setuid at all. -TW Sybase, Inc. / 6475 Christie Ave. / Emeryville, CA / 94608 415-596-3500 tim@sybase.com {pacbell,pyramid,sun,{uunet,ucbvax}!mtxinu}!sybase!tim This message is solely my personal opinion. It is not a representation of Sybase, Inc. OK.
campbell@Thalatta.COM (Bill Campbell) (11/23/89)
In article <6006@cbnewsh.ATT.COM> wcs@cbnewsh.ATT.COM (Bill Stewart 201-949-0705 ho95c.att.com!wcs) writes: >We're trying to pick an RDBMS to do applications in a secure computer >environment, so we need to find one that doesn't use setUID root. >SetUID to some specific user is ok, but root is out. UNIFY 4.0 doesn't require any setuid although you may set it if you want. We use this extensively for our accounting software and use the setuid to particular users so that there be multiple data bases on the machine without everyone having access. ....microsoft--\ Bill Campbell; Celestial Software ...uw-beaver-----!thebes!camco!bill 6641 East Mercer Way ....fluke------/ Mercer Island, Wa 98040 ....hplsla----/ (206) 232-4164
ggordon@agsm.ucla.edu (Glen Gordon) (11/24/89)
In article <6006@cbnewsh.ATT.COM> wcs@cbnewsh.ATT.COM (Bill Stewart ) writes: >We're trying to pick an RDBMS to do applications in a secure computer >environment, so we need to find one that doesn't use setUID root. >SetUID to some specific user is ok, but root is out. > >What's out there? The current versions of our application use Informix, >but it appears to need root; are we mistaken, or will we have to can >it and use something else? Has anybody taken it and turned off setUID? We are using Informix esqlc and 4gl on an HP9000 S850, set-uid informix, and everything works fine. Given a few more details, I am more than willing to help you figure out why it doesn't work for you. -- Glen Gordon UCLA, Anderson Graduate School Of Management
prc@erbe.se (Robert Claeson) (11/26/89)
In article <1989Nov24.092221.15741@agsm.ucla.edu>, ggordon@agsm.ucla.edu (Glen Gordon) writes: > In article <6006@cbnewsh.ATT.COM> wcs@cbnewsh.ATT.COM (Bill Stewart ) writes: > >We're trying to pick an RDBMS to do applications in a secure computer > >environment, so we need to find one that doesn't use setUID root. > >SetUID to some specific user is ok, but root is out. > We are using Informix esqlc and 4gl on an HP9000 S850, > set-uid informix, and everything works fine. Given a few more details, > I am more than willing to help you figure out why it doesn't work for you. As far as I know, Informix needs to be SUID root so it can bump the ulimit out of sight. After having done that, it reverts to non-SUID. I believe you cannot remove the SUID from informix, since it checks for error returns and aborts if the ulimit couldn't be changed. -- Robert Claeson E-mail: rclaeson@erbe.se ERBE DATA AB
cpcahil@virtech.uucp (Conor P. Cahill) (11/26/89)
In article <1023@maxim.erbe.se>, prc@erbe.se (Robert Claeson) writes: > As far as I know, Informix needs to be SUID root so it can bump the ulimit > out of sight. After having done that, it reverts to non-SUID. I believe you > cannot remove the SUID from informix, since it checks for error returns and > aborts if the ulimit couldn't be changed. Unless, of course, the ulimit is already at least that high. A normal user can successfully call ulimit as long as the new limit is <= the old limit. -- +-----------------------------------------------------------------------+ | Conor P. Cahill uunet!virtech!cpcahil 703-430-9247 ! | Virtual Technologies Inc., P. O. Box 876, Sterling, VA 22170 | +-----------------------------------------------------------------------+
clh@tacitus.tfic.bc.ca (Chris Hermansen) (11/28/89)
In article <1023@maxim.erbe.se> prc@erbe.se (Robert Claeson) writes: >In article <1989Nov24.092221.15741@agsm.ucla.edu>, ggordon@agsm.ucla.edu (Glen Gordon) writes: > >> In article <6006@cbnewsh.ATT.COM> wcs@cbnewsh.ATT.COM (Bill Stewart ) writes: > >> >We're trying to pick an RDBMS to do applications in a secure computer >> >environment, so we need to find one that doesn't use setUID root. >> >SetUID to some specific user is ok, but root is out. > >> We are using Informix esqlc and 4gl on an HP9000 S850, >> set-uid informix, and everything works fine. Given a few more details, >> I am more than willing to help you figure out why it doesn't work for you. > >As far as I know, Informix needs to be SUID root so it can bump the ulimit >out of sight. After having done that, it reverts to non-SUID. I believe you >cannot remove the SUID from informix, since it checks for error returns and >aborts if the ulimit couldn't be changed. Well, we use Informix SQL on Sun 3's, and here's what our informix bin directory looks like: tacitus% ls -lg /usr/informix/bin total 3199 -rwxr-xr-x 1 informix informix 90112 Jan 8 1989 bcheck -rwsr-sr-x 1 root informix 24576 Jan 8 1989 changrp -rwxr-xr-x 1 informix informix 204800 Jan 8 1989 dbconvert -rwxr-xr-x 1 informix informix 131072 Jan 8 1989 dbload -rwxr-xr-x 1 informix informix 139264 Jan 8 1989 dbschema -rwxr-xr-x 1 informix informix 163840 Jan 8 1989 dbupdate -rwxr-xr-x 1 informix informix 155648 Jan 8 1989 deccon -rwxr-xr-x 1 informix informix 434176 Jan 8 1989 isql -rwxr-xr-x 1 informix informix 4125 Jan 8 1989 isqldemo -rwsr-sr-x 1 root informix 24576 Jan 8 1989 mkdbsdir -rwxr-xr-x 1 informix informix 434176 Jan 8 1989 sacego -rwxr-xr-x 1 informix informix 434176 Jan 8 1989 saceprep -rwxr-xr-x 1 informix informix 1437 Jan 8 1989 salesdemo -rwxr-xr-x 1 informix informix 434176 Jan 8 1989 sformbld -rwxr-xr-x 1 informix informix 434176 Jan 8 1989 sperform -rwxr-xr-x 1 informix informix 81920 Jan 8 1989 sqlconv tacitus% Note that only `changrp' and `mkdbsdir' are setuid root here; I would *guess* that these only get used under certain limited circumstances that the user might be able to avoid. However, the situation in the lib directory is more ominous: tacitus% ls -lg /usr/informix/lib total 344 -rwsr-sr-x 1 root informix 278528 Jan 8 1989 sqlexec -rwxr-xr-x 1 informix informix 65536 Jan 8 1989 sqlexecd tacitus% Note here that `sqlexec', the database agent, is setuid root. Perhaps Mr. Claeson is correct? I must admit that I have never tried to chown sqlexec... Chris Hermansen Timberline Forest Inventory Consultants Voice: 1 604 733 0731 302 - 958 West 8th Avenue FAX: 1 604 733 0634 Vancouver B.C. CANADA uunet!ubc-cs!van-bc!tacitus!clh V5Z 1E5
bengsig@oracle.nl (Bjorn Engsig) (11/28/89)
Oracle has two suid programs: - One, suid to the oracle user (not root), which is the oracle kernel itself, and the suid is primarily done to protect the database files from unautho- rized access. - One, suid to root, shipped as source, which is only used to increase ulimit. If your system has other means of doing so, you don't need it. -- Disclaimer: Although I work for ORACLE, I am sending this only in my technical interest to help fellow Netlanders. I am not involved in sales or any customer support. All opinions expressed above are my own. -- Bjorn Engsig, Domain: bengsig@oracle.nl, bengsig@oracle.com Path: uunet!mcsun!orcenl!bengsig
scottj@ncrcae.Columbia.NCR.COM (L. Scott Johnson) (11/28/89)
In article <6006@cbnewsh.ATT.COM> wcs@cbnewsh.ATT.COM (Bill Stewart ) writes: >We're trying to pick an RDBMS to do applications in a secure computer >environment, so we need to find one that doesn't use setUID root. >SetUID to some specific user is ok, but root is out. ORACLE under UNIX uses setUID to user oracle. ------------ L. Scott
john@riddle.UUCP (Jonathan Leffler) (12/01/89)
In article <6006@cbnewsh.ATT.COM> wcs@cbnewsh.ATT.COM (Bill Stewart 201-949-0705 ho95c.att.com!wcs) writes: >We're trying to pick an RDBMS to do applications in a secure computer >environment, so we need to find one that doesn't use setUID root. >SetUID to some specific user is ok, but root is out. > >What's out there? .... The only reason Informix uses SUID root for anything is to kick the ulimit sky-high so that the database agent can create big database files. Once it has done that, it resets its UID to the users real UID. If you can manage to live within the system wide ulimit, you can reset the SUID root programs so that they are simply SGID informix (they can also be owned by user informix). Notes: Prior to ISQL 2.10 (I4GL 1.10), two programs were SUID root, namely $INFORMIXDIR/bin/sperform and $INFORMIXDIR/lib/sqlexec. Since then, only $INFORMIXDIR/lib/sqlexec is SUID root. Jonathan Leffler (john@sphinx.co.uk) #include <disclaimer.h>