Preventing Local Attacks on Unix-Based Servers
Most of the local security problems Informix suffers from on Unix-based platforms arise from the setuid root programs and setuid Informix programs. To list all such programs, change to the $INFORMIXDIR/bin directory and issue the following command:
find ./ -perm +4000
This will list all setuid programs in the bin directory. The simplest way to protect against local users attacking setuid programs is to remove the execute permission from “others”; in fact, simply remove all permissions from “others”:
chmod * o-rwx
Get The Database Hacker's Handbook: Defending Database Servers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.