InterBase Security Best Practices

By: Gabe Goldfield

Abstract: Ensure that admin.ib is not accessible to users who are not granted root access

Issue: A number of security sites including Secunia and others have pointed to the potential for malicious local users to gain escalated privileges for InterBase on Linux and Solaris systems.

Specific issue: When InterBase is installed on Linux and Solaris, read write permission for admin.ib is enabled for all users.

Solution: Best security practices require the administrator to set permissions appropriately immediately after installation. The most secure posture is to set permission so that only 'root' user has read/write privileges.

Procedure:

  1. Log in as root user.
  2. Navigate to the InterBase home directory
  3. chmod 600 admin.ib
  4. ls -l admin.ib
Permissions should now look like this: -rw------- 1 root root 616497 Mar 22 11:17 /opt/interbase/admin.ib

Note to database administrators: Additional security is achieved when the Interbase directory and its subdirectories are owned by 'root' user and have the permissions set to 755.

Server Response from: ETNASC04