Re: Updating fis-gtm package to 6.1
Hi Bhaskar,
On Sat, Feb 08, 2014 at 09:25:51PM -0500, Bhaskar, K.S wrote:
>
> [KSB] gtmsecshr is a program that is installed setuid root because
> there are functions it performs on behalf of normal processes
> (unlike many database engines, GT.M does not use a database daemon).
> Details of these functions are in Appendix E (Security Philosophy)
> of the GT.M Administration and Operations Guide UNIX Edition (for
> all current GT.M documentation, go to http://fis-gtm.com and click
> on the User Documentation tab).
>
> Since gtmsecshr is installed as setuid root, it has a number of
> checks to validate its invocation, including that it is being
> invoked from the GT.M distribution to which it belongs. As there
> would be a vulnerability in the validation if the link were a
> symbolic link, it _must_ be a hard link. As the hard link is
> between the directories pointed to by $gtm_dist and $gtm_dist/utf8,
> and as the utf8 subdirectory is created as part of the GT.M
> installation, there is never a case where the utf8 subdirectory is
> on a different file system, and never a case where the symbolic link
> is appropriate.
Thanks for the verbose explanation. @Luis: Could you please add a link
to the mailing list archive of this explanation as a comment in the
lintian override file?
Kind regards
Andreas.
--
http://fam-tille.de
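
A packaging-time check for the requirement in the quoted explanation, as an added example that is not part of the original message and is not GT.M or Debian packaging code: it confirms that the second path is a hard link to the first and that neither is a symbolic link. The function names, return codes and the file name gtmsecshr inside the constructed fixture directories are assumptions.

```shell
#!/bin/sh
# Added example, not GT.M or Debian packaging code.
# check_hardlink PRIMARY LINKED
#   0 = LINKED is a hard link to PRIMARY
#   1 = one of the paths is a symbolic link
#   2 = not a distinct hard link to the same file
#   3 = a path is missing or not a regular file
check_hardlink() (
    primary=$1
    linked=$2
    for f in "$primary" "$linked"; do
        # Test -L first: -f and -ef both follow symbolic links.
        if [ -L "$f" ]; then
            echo "FAIL: $f is a symbolic link" >&2
            exit 1
        fi
        if [ ! -f "$f" ]; then
            echo "FAIL: $f is missing or not a regular file" >&2
            exit 3
        fi
    done
    # -ef is true only when both names resolve to the same device and inode.
    if ! [ "$primary" -ef "$linked" ]; then
        echo "FAIL: $linked is a separate file, not a link to $primary" >&2
        exit 2
    fi
    # A link count below 2 means the second name reached the same directory
    # entry another way, for example through a symlinked utf8 directory.
    links=$(ls -ld -- "$primary" | awk '{print $2}')
    if [ "$links" -lt 2 ]; then
        echo "FAIL: $primary has link count $links, expected at least 2" >&2
        exit 2
    fi
    echo "OK: $linked is a hard link to $primary"
)

# Constructed fixture: four stand-in distribution directories (names are assumptions).
make_fixture() {
    d=$(mktemp -d) || return 1
    for v in good sym copy dirsym; do
        mkdir "$d/$v" && printf 'stub\n' > "$d/$v/gtmsecshr"
    done
    mkdir "$d/good/utf8" "$d/sym/utf8" "$d/copy/utf8"
    ln "$d/good/gtmsecshr" "$d/good/utf8/gtmsecshr"      # hard link: expected layout
    ln -s ../gtmsecshr "$d/sym/utf8/gtmsecshr"           # symlinked file
    cp "$d/copy/gtmsecshr" "$d/copy/utf8/gtmsecshr"      # independent copy
    ln -s . "$d/dirsym/utf8"                             # symlinked directory
    echo "$d"
}
```

In a package build the two arguments would be the installed file and its counterpart under the utf8 subdirectory.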