mirror of
https://github.com/FirebirdSQL/firebird.git
synced 2025-01-22 21:23:04 +01:00
53 lines
1.7 KiB
Plaintext
53 lines
1.7 KiB
Plaintext
Issue:
|
|
======
|
|
If the LocalSystem user is allowed to install the Firebird Service,
|
|
it could make the whole system accessible to a malicious attacker.
|
|
|
|
Scope:
|
|
======
|
|
Affects Windows NT platforms.
|
|
|
|
Document author:
|
|
=================
|
|
Alex Peshkov (peshkoff@mail.ru)
|
|
|
|
Document date: 2003/06/22
|
|
==============
|
|
|
|
|
|
Firebird installation kits for Windows NT systems, i.e. those that
|
|
support services, currently provide a route into the host system
|
|
for any hacker who finds a new security hole in Firebird. All of
|
|
the current kits install the Firebird service to run under the
|
|
LocalSystem account. Through Firebird, the attacker can get
|
|
LocalSystem access to the system.
|
|
|
|
The steps to fix things manually are simple:
|
|
|
|
1) add the user 'firebird' as a member of the Domain users group,
|
|
with default rights
|
|
|
|
2) grant this user write access to all databases, including
|
|
security2.fdb (isc4.gdb in pre-1.5 versions), and the
|
|
firebird.log file
|
|
|
|
3) grant the user 'firebird' rights to "Login as service"
|
|
|
|
4) make the Firebird services (FirebirdServer and FirebirdGuardian,
|
|
if used, log in with username 'firebird'
|
|
|
|
Solution:
|
|
=========
|
|
Alex Peshkov
|
|
|
|
People writing installers should note that Firebird's standard routine
|
|
to install and manage the Firebird Service on WinNT/2000/XP platforms
|
|
(instsvc.exe) was upgraded in version 1.5 by the addition of an
|
|
optional L[ogin] switch to the {install} command. It is strongly
|
|
recommended that you employ this switch in the Windows kits, to make
|
|
the 'firebird' user, not LocalSystem, the default account under which
|
|
the Firebird Service logs in.
|
|
|
|
For more details, see the document README.instsvc
|
|
switch to (see instsvc.exe).
|