
users and security ibwebadmin



Hello,

I am packaging ibwebadmin, a web administration tool for firebird
and interbase databases.

I ran into a problem with users and groups and wonder how to resolve it.

The program runs some tools from the firebird packages (e.g. gbak, isql, etc.).
These tools work locally on database files. All the database related files
are owned by the firebird user and group.

The firebird tools run as the www-data user as they are invoked from the
apache process.

Adding www-data to the firebird groups seems a security risk for the database
when it would be hit by a worm. New databases would still be created as the
www-data user instead of the firebird user.

Must I do something with suid? Make the firebird tools suid firebird? I am not
experienced with the ins and outs of suid but I understand they are often a source
of security hazards.

How could I set it up securely so ibwebadmin is still able to process the database
files?

If these questions are not basic and more appropriate for debian-security tell me
and I'll take them there.

I have been playing around with the firebird packages and have a version with some
minor bug fixes sitting on my hard drive. If it needs a firebird fix I could do
that. (It's orphaned)

Cheers,
Remco.


