On 05/07/2016 05:00 PM, Dimitry Sibiryakov wrote:
>     Hello, All.
>
>     In path_utils.h there is a comment:
>
>>      /** isSymLink returns true if the given path is symbolic link, and 
>> false if not.
>>              Use of this links may provide way to override system security.
>>              Example: ln -s /usr/firebird/ExternalTables/mytable 
>> /etc/xinet.d/remoteshell
>>              and insert desired rows into mytable.
>>      **/
>     Does it really work as a protection?
>     AFAIU, it is protection from DBA without root rights. But is such DBA 
> able to create
> such symlinks at all?
>

The sample is rather artificial. Please also take into account that 
it was written when ibserver ran as root by default.
But removing symbolic links from the path is anyway useful - at least to 
correctly detect network mounts.



Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
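
The two checks discussed in this thread, as an added example that is not Firebird's path_utils code: detecting a symbolic link with lstat(), and resolving links out of a path before deciding whether it stays inside a permitted directory. All function names and the temporary sample tree are assumptions constructed for illustration (POSIX only).

```cpp
// Added example (POSIX); not Firebird source. All names here are hypothetical.
#include <cstdio>
#include <cstdlib>
#include <fstream>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// True if the last component of `path` is a symbolic link (lstat does not follow it).
bool is_symlink(const std::string& path) {
    struct stat st;
    return lstat(path.c_str(), &st) == 0 && S_ISLNK(st.st_mode);
}

// Path with every symlink, "." and ".." resolved; empty string on failure.
std::string canonical(const std::string& path) {
    char* r = realpath(path.c_str(), nullptr);
    if (!r) return "";
    std::string out(r);
    free(r);
    return out;
}

// Accept `path` only if its resolved location lies inside the resolved `dir`.
bool inside_allowed_dir(const std::string& path, const std::string& dir) {
    std::string p = canonical(path), d = canonical(dir);
    if (p.empty() || d.empty()) return false;
    if (d.back() != '/') d += '/';
    return p.size() > d.size() && p.compare(0, d.size(), d) == 0;
}

// Constructed sample tree: a real table file plus a link pointing outside the directory.
std::string make_sandbox() {
    char tmpl[] = "/tmp/symlink_demo_XXXXXX";
    if (!mkdtemp(tmpl)) return "";
    std::string root(tmpl), ext = root + "/ExternalTables";
    mkdir(ext.c_str(), 0700);
    mkdir((root + "/outside").c_str(), 0700);
    std::ofstream(ext + "/mytable") << "row\n";
    std::ofstream(root + "/outside/target") << "config\n";
    if (symlink((root + "/outside/target").c_str(), (ext + "/link").c_str()) != 0) return "";
    return root;
}

int main() {
    std::string root = make_sandbox(), ext = root + "/ExternalTables";
    for (const char* name : {"/mytable", "/link"})
        std::printf("%s symlink=%d allowed=%d\n", name, is_symlink(ext + name),
                    inside_allowed_dir(ext + name, ext));
}
```

A check made on the path name can go stale before the file is opened, so it is normally paired with opening the final component with O_NOFOLLOW and validating the resulting descriptor.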
