Download Latest Version tpc-c-ifmx.tar.gz (392.7 kB)
Email in envelope

Get an email when there's a new version of IIUG Software Repository

Home / StoredProcedures / Informix4GL-Tools / appstart
Name Modified Size InfoDownloads / Week
Parent folder
app 2019-06-13 592 Bytes
0
appstart.c 2019-06-13 5.4 kB
0
Makefile 2019-06-13 1.0 kB
0
README 2019-06-13 2.6 kB
0
tech_paper.txt 2019-06-13 15.6 kB
0
Totals: 5 Items   25.1 kB 0 
README

This collection of files demonstrates one way of controlling user permissions
in Informix applications by running them setuid.  The files are:

   README           this file

   appstart.c       the source for the front-end application start-up program

   Makefile         a sample Makefile for compiling and installing appstart

   app              a sample shell script that the user would run to invoke
                    the application

   tech_paper.txt   an ASCII version of the technical paper on this subject
                    presented at the 1992 Informix Worldwide User Conference


For this technique to work, appstart must be installed setuid to root.  You
should be intimately familiar with the issues related to such processing before
you attempt to use this technique.

The file appstart.c is a generic version of a program currently in production
use.  Since the main purpose of appstart.c is to demonstrate the technique,
code not directly related to the setuid process has been removed.  This
includes code that would be important in a production version, such as
statements that check for error status or buffer overflow.

The file tech_paper.txt contains an ASCII version of the technical paper as it
was presented at IWUC92.  There are several considerations that were not
explored in detail in the paper due to length and time constraints.

One possible variation of this scheme might be to run only the back-end
database engine setuid using this technique.  This has been suggested, but I
have yet to try this approach.  It should work, though, and would have the
advantage that the front-end would still be running as the invoking user.
This would make operations like working with Unix files from within the
application much easier.

An indication that this approach might not be appropriate in all environments
is the problem of running setuid programs that use shared libraries.  This has
not been a factor under SunOS 4.1.x, probably because to date Informix
executables do not use shared libraries in that environment.  However, this
may become a problem in future releases of Informix or SunOS.

If you have any questions, or especially if you notice any potential problems
with using this technique, feel free to contact me.


Walt Hultgren
July, 1992

-- 
Walt Hultgren              Internet: walt@rmy.emory.edu       (IP 128.140.8.1)
Emory University               UUCP: {...,gatech,rutgers,uunet}!emory!rmy!walt
954 Gatewood Road, NE        BITNET: walt@EMORY
Atlanta, GA  30329  USA       Voice: +1 404 727 0648
Source: README, updated 2019-06-13