| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| app | 2020-05-11 | 592 Bytes | |
| appstart.c | 2020-05-11 | 5.4 kB | |
| Makefile | 2020-05-11 | 1.0 kB | |
| README | 2020-05-11 | 2.6 kB | |
| tech_paper.txt | 2020-05-11 | 15.6 kB | |
| Totals: 5 Items | 25.1 kB | 0 | |
README

This collection of files demonstrates one way of controlling user permissions
in Informix applications by running them setuid.  The files are:

    README          this file
    appstart.c      the source for the front-end application start-up program
    Makefile        a sample Makefile for compiling and installing appstart
    app             a sample shell script that the user would run to invoke
                    the application
    tech_paper.txt  an ASCII version of the technical paper on this subject
                    presented at the 1992 Informix Worldwide User Conference

For this technique to work, appstart must be installed setuid to root.  You
should be intimately familiar with the issues related to such processing before
you attempt to use this technique.

The file appstart.c is a generic version of a program currently in production
use. Since the main purpose of appstart.c is to demonstrate the technique,
code not directly related to the setuid process has been removed. This
includes code that would be important in a production version, such as
statements that check for error status or buffer overflow.

The file tech_paper.txt contains an ASCII version of the technical paper as it
was presented at IWUC92. There are several considerations that were not
explored in detail in the paper due to length and time constraints.

One possible variation of this scheme might be to run only the back-end
database engine setuid using this technique. This has been suggested, but I
have yet to try this approach. It should work, though, and would have the
advantage that the front-end would still be running as the invoking user.
This would make operations like working with Unix files from within the
application much easier.

An indication that this approach might not be appropriate in all environments
is the problem of running setuid programs that use shared libraries. This has
not been a factor under SunOS 4.1.x, probably because to date Informix
executables do not use shared libraries in that environment. However, this
may become a problem in future releases of Informix or SunOS.

If you have any questions, or especially if you notice any potential problems
with using this technique, feel free to contact me.

Walt Hultgren
July, 1992
--
Walt Hultgren              Internet:  walt@rmy.emory.edu  (IP 128.140.8.1)
Emory University               UUCP:  {...,gatech,rutgers,uunet}!emory!rmy!walt
954 Gatewood Road, NE        BITNET:  walt@EMORY
Atlanta, GA 30329 USA         Voice:  +1 404 727 0648
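
The README says appstart.c leaves out the error-status and buffer-overflow checks a production version needs. The C code below is an added example, not taken from appstart.c or written by the README's author, showing those two checks in a setuid-root launcher. The directory /opt/apps/bin, the function names and the choice of target ids are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Build "<dir>/<name>" in dst without overflowing it.  Returns 0, or -1 if
 * name is empty, starts with '.', contains '/', or the result does not fit. */
int build_app_path(char *dst, size_t dstsz, const char *dir, const char *name)
{
    int n;
    if (name == NULL || name[0] == '\0' || name[0] == '.' || strchr(name, '/'))
        return -1;
    n = snprintf(dst, dstsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstsz)
        return -1;                 /* truncated: refuse, never exec a cut-off path */
    return 0;
}

/* Permanently switch to (uid, gid), checking every call.  Order matters:
 * supplementary groups, then gid, then uid.  Returns 0 on success, -1 on error. */
int become_user(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;                 /* switch did not fully take effect */
    if (uid != 0 && setuid(0) == 0)
        return -1;                 /* root could be regained: treat as failure */
    return 0;
}

int main(int argc, char **argv)
{
    char path[64];
    /* "/opt/apps/bin" is a constructed directory.  The target ids are an
     * assumption: the invoking user's, so the demo also runs unprivileged. */
    if (argc < 2 || build_app_path(path, sizeof path, "/opt/apps/bin", argv[1]) != 0) {
        fputs("launcher: bad application name\n", stderr);
        return 1;
    }
    if (become_user(getuid(), getgid()) != 0) {
        fputs("launcher: privilege switch failed\n", stderr);
        return 1;
    }
    printf("would exec %s as uid %ld\n", path, (long)getuid());
    return 0;
}
```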