<!--$Id: security.so,v 10.18 2007/07/30 19:26:29 bostic Exp $-->
<!--Copyright (c) 1997,2008 Oracle. All rights reserved.-->
<!--See the file LICENSE for redistribution information.-->
<html>
<head>
<title>Berkeley DB Reference Guide: Security</title>
<meta name="description" content="Berkeley DB: An embedded database programmatic toolkit.">
<meta name="keywords" content="embedded,database,programmatic,toolkit,btree,hash,hashing,transaction,transactions,locking,logging,access method,access methods,Java,C,C++">
</head>
<body bgcolor=white>
<a name="2"><!--meow--></a>
<table width="100%"><tr valign=top>
<td><b><dl><dt>Berkeley DB Reference Guide:<dd>Environment</dl></b></td>
<td align=right><a href="../env/region.html"><img src="../../images/prev.gif" alt="Prev"></a><a href="../toc.html"><img src="../../images/ref.gif" alt="Ref"></a><a href="../env/encrypt.html"><img src="../../images/next.gif" alt="Next"></a>
</td></tr></table>
<p align=center><b>Security</b></p>
<p>The following security issues should be considered when writing
Berkeley DB applications:</p>
<br>
<b>Database environment permissions</b><ul compact><li>The directory used as the Berkeley DB database environment should have its
permissions set so that the files in the environment (databases, log files
and shared region files) are not accessible to users without the appropriate
permissions. Applications that run with more permissions than the invoking
user (for example, UNIX setuid or setgid applications) must be carefully
audited so that those extra permissions cannot be abused, for instance to
gain general file access in the environment directory.</ul>
<b>Environment variables</b><ul compact><li>Setting the <a href="../../api_c/env_open.html#DB_USE_ENVIRON">DB_USE_ENVIRON</a> and <a href="../../api_c/env_open.html#DB_USE_ENVIRON_ROOT">DB_USE_ENVIRON_ROOT</a> flags,
which allow environment variables such as <b>DB_HOME</b> to influence file
naming, can be dangerous: the values come from the process environment,
which the invoking user controls. Setting those flags in Berkeley DB
applications with additional permissions (for example, UNIX setuid or
setgid applications) could allow users to read and write databases to
which they would not normally have access, simply by pointing the
environment variables at another directory.</ul>
<b>File permissions</b><ul compact><li>By default, Berkeley DB creates files readable and writable by the owner
and the group (that is, S_IRUSR, S_IWUSR, S_IRGRP and S_IWGRP; or octal mode
0660 on historic UNIX systems). The group ownership of created files is
based on the system and directory defaults (and on the process umask), and
is not further specified by Berkeley DB. Applications that need tighter
permissions should pass an explicit mode when opening databases.</ul>
<b>Temporary backing files</b><ul compact><li>If an unnamed database is created and the cache is too small to hold
the database in memory, Berkeley DB creates a temporary physical file so
that it can page the database to disk as needed. In this case,
environment variables such as <b>TMPDIR</b> may be used to select
the location of that temporary file. Although temporary backing files
are created readable and writable by the owner only (S_IRUSR and
S_IWUSR, or octal mode 0600 on historic UNIX systems), some filesystems
may not sufficiently protect temporary files created in arbitrary
directories from improper access. To be safe, applications
storing sensitive data in unnamed databases should use the
<a href="../../api_c/env_set_tmp_dir.html">DB_ENV->set_tmp_dir</a> method to specify a temporary directory with
known permissions rather than trusting the environment.</ul>
<b>Tcl API</b><ul compact><li>The Berkeley DB Tcl API does not attempt to avoid evaluating input as Tcl
commands. For this reason, it is dangerous to pass unreviewed user
input through the Berkeley DB Tcl API, as the input may subsequently be
evaluated as a Tcl command. To limit the damage a Tcl injection attack
can do, the Berkeley DB Tcl API initialization routine resets the
process's effective user and group IDs to the real user and group IDs,
discarding any setuid or setgid privilege before user input is evaluated.</ul>
<br>
<p><font size=1>Copyright (c) 1996,2008 Oracle. All rights reserved.</font>
</body>
</html>
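<p>The checks the points above ask for (refusing to honour environment-variable file naming in a privileged process, verifying environment and temporary directory permissions before use, creating database files with an explicit owner-only mode instead of the default 0660, and dropping back to the real user and group IDs as the Tcl API initialization does) can all be made with plain POSIX calls before <b>DB_ENV-&gt;open</b> is ever reached. The following is an added example written for this page, not Berkeley DB code: <b>EX_USE_ENVIRON</b> is a hypothetical stand-in for the real <b>DB_USE_ENVIRON</b> flag from db.h (defined locally so the example builds without Berkeley DB installed), the <b>/tmp/bdbenv.XXXXXX</b> directory and <b>private.db</b> file are constructed test fixtures, and the mode 0600 is the value a real application would pass as the <b>mode</b> argument of <b>DB-&gt;open</b>.</p>

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical stand-in for DB_USE_ENVIRON (the real value lives in db.h and
 * is passed to DB_ENV->open); defined here so the example builds without libdb. */
enum { EX_USE_ENVIRON = 0x1 };

/* 1 if the process holds privileges its invoking user does not have
 * (setuid/setgid binary), 0 otherwise. */
int privilege_elevated(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Let DB_HOME/TMPDIR-style variables influence file naming only when the user
 * who set them is the same user whose privileges we are running with. */
unsigned int env_flags_for_process(void)
{
    return privilege_elevated() ? 0u : (unsigned int)EX_USE_ENVIRON;
}

/* Is this environment/temporary directory safe to use?  It must be a real
 * directory (lstat: no symlink), owned by our effective uid, with no "other"
 * access; in strict mode no group access either.  0 = ok, -1 = reject (errno set). */
int check_env_dir(const char *path, int strict)
{
    struct stat st;
    mode_t forbidden = strict ? (S_IRWXG | S_IRWXO) : S_IRWXO;

    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode)) { errno = ENOTDIR; return -1; }
    if (st.st_uid != geteuid() || (st.st_mode & forbidden) != 0) {
        errno = EACCES;
        return -1;
    }
    return 0;
}

/* Create a database file with owner-only permissions (0600) instead of the
 * default 0660.  O_EXCL refuses a pre-planted file or link at that path.
 * Returns an open fd, or -1. */
int create_private_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Permanently drop to the real uid/gid, as the Tcl API initialization does.
 * Group first: after setuid() we may no longer be allowed to change it.
 * Returns 0 only if the effective IDs really equal the real ones afterwards. */
int drop_to_real_ids(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    return (getegid() == getgid() && geteuid() == getuid()) ? 0 : -1;
}

/* Exercise the checks against a constructed directory under /tmp
 * (a test fixture, not a real Berkeley DB environment).  0 = all good. */
int self_test(void)
{
    char dir[] = "/tmp/bdbenv.XXXXXX";   /* mkdtemp creates it with mode 0700 */
    char file[sizeof dir + 16];
    int fd, rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(file, sizeof file, "%s/private.db", dir);

    if (check_env_dir(dir, 1) != 0) goto out;            /* 0700: strict ok   */
    if (chmod(dir, 0770) != 0 || check_env_dir(dir, 1) == 0) goto out; /* strict rejects group */
    if (check_env_dir(dir, 0) != 0) goto out;            /* 0770: shared-group ok */
    if (chmod(dir, 0777) != 0 || check_env_dir(dir, 0) == 0) goto out; /* world access: never */
    if (chmod(dir, 0700) != 0) goto out;
    if ((fd = create_private_file(file)) < 0) goto out;  /* 0600 file created */
    close(fd);
    if (create_private_file(file) >= 0) goto out;        /* O_EXCL: second create fails */
    rc = 0;
out:
    unlink(file);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("privilege elevated: %d, env flags: %#x, self test: %s\n",
           privilege_elevated(), env_flags_for_process(),
           self_test() == 0 ? "ok" : "FAILED");
    return 0;
}
```

<p>In a real application, <b>check_env_dir</b> would be run on the environment home and on the directory handed to <b>DB_ENV-&gt;set_tmp_dir</b> before opening the environment, and the result of <b>env_flags_for_process</b> OR'd into the <b>DB_ENV-&gt;open</b> flags; note that these checks are a point-in-time test, so the directory should also be one that untrusted users cannot later rename or replace.</p>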