SAPDB RPM install leaves world writable lserver and dbmsrv binaries
Download the latest SAP rpm packages from:
http://www.sapdb.org/7.4/rpm_linux.htm
Log in as root and install the rpms:
vegeta SAP # rpm -ivh *rpm --nodeps
Preparing... ########################################### [100%]
1:sapdb-ind ########################################### [ 14%]
12751 XSERVER XSERVER started, 'X32/LINUX 7.4.3 Build 014-000-037-952'
2:sapdb-srv74 ########################################### [ 28%]
3:sapdb-callif ########################################### [ 42%]
4:sapdb-precompiler ########################################### [ 57%]
5:sapdb-scriptif ########################################### [ 71%]
6:sapdb-testdb74 ########################################### [ 85%]
ERR 11641 XSERVER XSERVER is already running!
7:sapdb-web ########################################### [100%]
Log in as a normal user and inspect world writable binaries:
[EMAIL PROTECTED] / $ id
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
[EMAIL PROTECTED] / $ find /opt/sapdb/ -perm -0777
/opt/sapdb/depend74/pgm/dbmsrv
/opt/sapdb/depend74/pgm/lserver
Verify sanity
[EMAIL PROTECTED] / $ cd /opt/sapdb/depend74/pgm/
[EMAIL PROTECTED] pgm $ ls -al
total 36912
drwxrwxr-x 2 root sapdb 4096 Mar 23 12:59 .
drwxrwxr-x 10 root sapdb 4096 Mar 23 12:59 ..
-rwxrwxr-x 1 root sapdb 297555 Feb 28 15:42 console
-rwxrwxrwx 1 root sapdb 2088040 Feb 28 15:48 dbmsrv
-rwxrwxr-x 1 root sapdb 1806053 Feb 28 15:47 diagnose
-rwxrwxr-x 1 root sapdb 448402 Feb 28 15:48 dumpcomreg
-rwxrwxr-x 1 root sapdb 8475382 Feb 28 18:11 kernel
-rwxrwxrwx 1 root sapdb 4722216 Feb 28 18:17 lserver
-rwxrwxr-x 1 root sapdb 1032409 Feb 28 18:17 pu
-rwxrwxr-x 1 root sapdb 1453842 Feb 28 15:30 python
-rwxrwxr-x 1 root sapdb 46471 Feb 28 15:28 regcomp
-rwxrwxr-x 1 root sapdb 16389708 Feb 28 18:05 slowknl
-rwxrwxr-x 1 root sapdb 845869 Feb 28 18:16 sqlfilter
-rwxrwxr-x 1 root sapdb 20939 Feb 28 15:43 sysrc
-rwxrwxr-x 1 root sapdb 55138 Feb 28 15:56 tracesort
[EMAIL PROTECTED] pgm $ echo oops > kernel
sh: kernel: Permission denied
[EMAIL PROTECTED] pgm $ echo oops > lserver
[EMAIL PROTECTED] pgm $ echo oops I did it again > dbmsrv
[EMAIL PROTECTED] pgm $ cat lserver
oops
[EMAIL PROTECTED] pgm $ cat dbmsrv
oops I did it again
This appears to be caused by the RPM installation:
D: fini 100777 1 ( 0, 410) 2088040 /opt/sapdb/depend74/pgm/dbmsrv;3e7df5e7
D: fini 100777 1 ( 0, 410) 4722216 /opt/sapdb/depend74/pgm/lserver;3e7df5e7
If instead you installed from sapdb-all-linux-32bit-i386-7_4_3_14.tgz and
sapdb-webtools-linux-32bit-i386-7_4_3_10.tgz
vegeta sapdb-all-linux-32bit-i386-7_4_3_14 # ./SDBINST
Installation of SAP DB Software
********************************
...
vegeta sapdb-all-linux-32bit-i386-7_4_3_14 # find /opt/sapdb -perm -0777 -print
/opt/sapdb/indep_data/wrk
No binaries to play with this time.
Older rpm packages have the same issue. sapdb-ind-7.3.0.32-1.i386.rpm and
sapdb-srv-7.3.0.32-1.i386.rpm leave:
vegeta OLD # find /opt/sapdb/ -perm -0777
/opt/sapdb/depend/pgm/dbmsrv
/opt/sapdb/depend/pgm/lserver
Leaving world writable binaries lying around has obvious repercussions.
SAP made it clear that normal users should not have access to the SAP server when I
pointed out the last security issue. The same logic applies here; however, this does
not lessen the result of this problem.
-KF
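
A defender-side check for the condition described in this post, as an added example that is not part of the original advisory or of SAP's tooling: it lists regular files under a directory that have the other-write bit set, clears that bit, and flags world-writable entries in rpm debug output of the form quoted above. The function names and the --fix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and repair world-writable files left by a package install.

# Print regular files under DIR whose "other" write bit is set.
# -perm -0002 also catches modes such as 0757 or 0666, which the
# -perm -0777 test used in the post would not report.
list_world_writable() {
    find "$1" -type f -perm -0002 -print
}

# Clear only the other-write bit; owner and group bits stay as installed.
# Directories are left alone on purpose (e.g. a shared work directory).
fix_world_writable() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Read rpm debug output on stdin and print the path of every "fini" record
# for a regular file (mode prefix 10) whose last octal digit grants write
# to others (2, 3, 6 or 7).
# Assumes the record layout quoted in the post: D: fini MODE ... PATH;HEX
fini_world_writable() {
    awk '$1 == "D:" && $2 == "fini" && $3 ~ /^10[0-7]*[2367]$/ {
             path = $NF
             sub(/;[0-9a-fA-F]+$/, "", path)
             print path
         }'
}

# Usage: sh audit.sh /opt/sapdb          report only
#        sh audit.sh /opt/sapdb --fix    report, then chmod o-w
if [ "$#" -ge 1 ]; then
    list_world_writable "$1"
    if [ "${2:-}" = "--fix" ]; then
        fix_world_writable "$1"
    fi
fi
```

Run the report after every install or upgrade of the rpm packages, since the modes come from the package payload and will be reapplied.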