
Berkeley DB Reference Guide: Environment





Security



There are two important security concerns when writing Berkeley DB applications.

The first is the directory used as the database home environment. It is important that the environment home directory be carefully created to have the correct permissions for the system to ensure that databases are not accessible to users without the correct permissions. Berkeley DB never creates the database home directory; it must be created before the application is run.

The second is the use of environment variables in file naming, i.e., DB_USE_ENVIRON and DB_USE_ENVIRON_ROOT. If a Berkeley DB application is running with additional permissions (e.g., UNIX setuid or setgid permissions), and either of these variables is set, users could potentially cause the application to read and write databases to which the user would not normally have access.

By default, Berkeley DB always creates files readable and writeable by the owner and the group (i.e., S_IRUSR, S_IWUSR, S_IRGRP and S_IWGRP, or octal mode 0660 on historic UNIX systems). The group ownership of created files is based on the system and directory defaults, and is not further specified by Berkeley DB.
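The two concerns above can be checked before the environment is opened. The following is an added example, not code from the Berkeley DB distribution: it creates and verifies the home directory and reports whether the process has setuid/setgid-style privileges. The path `bdb_env_home`, the mode 0770 and the "no access for other" policy are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create the home directory ourselves, since Berkeley DB never does.
 * Fails if the path already exists, so a directory prepared by someone
 * else is never silently adopted. chmod() makes the final mode
 * independent of the caller's umask. */
int create_env_home(const char *path, mode_t mode)
{
    if (mkdir(path, mode) != 0)
        return -1;
    return chmod(path, mode);
}

/* Return 0 if path is a real directory (not a symlink) owned by the
 * effective user with no permissions for "other"; -1 otherwise.
 * The policy is an assumption of this example. */
int check_env_home(const char *path)
{
    struct stat st;

    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != geteuid() || (st.st_mode & S_IRWXO) != 0)
        return -1;
    return 0;
}

/* Nonzero when real and effective IDs differ (setuid or setgid program).
 * In that case the caller should not pass DB_USE_ENVIRON or
 * DB_USE_ENVIRON_ROOT when opening the environment. */
int running_with_extra_privileges(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

int main(void)
{
    const char *home = "bdb_env_home";  /* hypothetical path */

    if (create_env_home(home, 0770) != 0 && errno != EEXIST) {
        perror(home);
        return 1;
    }
    printf("home directory acceptable: %s\n", check_env_home(home) == 0 ? "yes" : "no");
    printf("environment-variable naming allowed: %s\n", running_with_extra_privileges() ? "no" : "yes");
    return 0;
}
```

Mode 0770 mirrors the owner-and-group access of the 0660 files Berkeley DB creates; use 0700 when no group access is wanted.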
