On 02/08/2014 07:12 PM (US Eastern Time), Andreas Tille wrote:
[KSB] <...snip...>
- The hard links are required, so we will add lintian
exceptions for them.
I admit that I did not really get it why they are "required" (I think
this was not answered by Bhaskar. I think we should not override this
lintian warning and leave it as a reminder for further discussion.
[KSB] gtmsecshr is a program that is installed setuid root because there
are functions it performs on behalf of normal processes (unlike many
database engines, GT.M does not use a database daemon). Details of these
functions are in Appendix E (Security Philosophy) of the GT.M
Administration and Operations Guide UNIX Edition (for all current GT.M
documentation, go to http://fis-gtm.com and click on the User
Documentation tab).
Since gtmsecshr is installed as setuid root, it has a number of checks to
validate its invocation, including that it is being invoked from the GT.M
distribution to which it belongs. As there would be a vulnerability in
the validation if the link were a symbolic link, it _must_ be a hard
link. As the hard link is between the directories pointed to by
$gtm_dist and $gtm_dist/utf8, and as the utf8 subdirectory is created as
part of the GT.M installation, there is never a case where the utf8
subdirectory is on a different file system, and never a case where the
symbolic link is appropriate.
Regards
-- Bhaskar
--
GT.M - Rock solid. Lightning fast. Secure. No compromises.
_____________
The information contained in this message is proprietary and/or confidential.
If you are not the intended recipient, please: (i) delete the message and all
copies; (ii) do not disclose, distribute or use the message in any manner; and
(iii) notify the sender immediately. In addition, please be aware that any
message addressed to our domain is subject to archiving and review by persons
other than the intended recipient. Thank you.
