This issue also should fix a security problem. Currently in CS we have .conf files read-only, owned by firebird. But in case of a successful attack on any fb_inet_server process (runuser is firebird), it is perfectly easy for the attacker to chmod that file (owned by him) - and change firebird configuration / aliases, which is IMHO a security risk.
As I remember there were specifically some different ones, because of the different ways they operated, with the option of CS running as root for instance, and I think possibly some differences since classic client allows direct access, so there may have been some requirement for access to message files and lock file for example, but I am not sure if those are the attributes that you are talking about.
(posted in the hope that you will answer my other question :-) - Mark
They both can run as root in case a crazy client chooses such a mode.
And certainly there will be differences - I mean only avoiding unneeded ones. Like most of the files owned by user firebird in CS. In SS the owner is root and it's correct.
One of the problems was CS files like lock were accessed and updated by all users, not just the Classic Server inetd process.
So for users to access those files they at least needed to be in group "firebird", which gave them privileged access to those files, otherwise the files needed to be world writable.
However there were some clever exploits, where if a user changed those files, I can't remember, but to some odd links, and then the server ran as normal, running as root, then the server would end up running a shell script that the naughty user had pointed to.
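An audit for the conditions raised in this thread, added here as an example and not part of the original discussion or of Firebird's own code: it flags config files that the service account owns (the owner can chmod a read-only file), files that are group- or world-writable, symlinks, and parent directories the service account controls. The function name, the finding labels and the command-line usage are assumptions made for this example.

```python
import os
import pwd
import stat
import sys


def audit_config_files(paths, service_uid):
    """Return {path: [findings]} for files a compromised service process could alter."""
    report = {}
    for path in paths:
        findings = []
        st = os.lstat(path)  # lstat inspects the link itself instead of following it
        if stat.S_ISLNK(st.st_mode):
            findings.append("symlink")
        else:
            if st.st_uid == service_uid:
                # The owner can always chmod, so mode 0400 alone is no protection.
                findings.append("owned-by-service-user")
            if st.st_mode & stat.S_IWGRP:
                findings.append("group-writable")
            if st.st_mode & stat.S_IWOTH:
                findings.append("world-writable")
        parent = os.stat(os.path.dirname(os.path.abspath(path)))
        if parent.st_uid == service_uid or parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Write access to the directory allows replacing the file by rename.
            findings.append("parent-dir-controlled")
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    # Usage (assumed for this example): audit.py <service-user> <config-file>...
    uid = pwd.getpwnam(sys.argv[1]).pw_uid
    result = audit_config_files(sys.argv[2:], uid)
    for path, findings in sorted(result.items()):
        print(f"{path}: {', '.join(findings)}")
    sys.exit(1 if result else 0)
```

A clean result means each file is owned by an account other than the one the server runs as, is writable only by its owner, and sits in a directory the service account cannot modify.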