At 09:05 PM 4/9/99 +0200, Raoul A. Joemman wrote:
>We have Open Ingres 2.0 on Solaris 2.6
>Our system administrator is afraid to give Ingres read permissions on
>/dev/kmem.
>
>Who can tell me everything about /dev/kmem?
>
>
>Raoul
>
>

It's better to have a paranoid system manager than
one who is not.  

/dev/kmem is the "window" into the kernel memory, allowing
system information to be determined and altered, depending
upon what type of access you have.

Ingres looks at /dev/kmem to determine if it has sufficient 
resources to start.  This determination is just a guess, and
could well be wrong, as it cannot predict all the dynamic 
resources required by all the various Ingres components.

Your system administrator is worried because if someone hacks
into the system as the user "ingres", they can, with enough
knowledge, "watch" the kernel and gain important information
useful for further penetration.

OpenIngres 2.0 allows you to disable this resource check 
via CBF, so you could do the following:

  1) Have the system administrator give the "ingres" 
     account read access to /dev/kmem.

  2) Install and configure Ingres.

  3) Turn off the resource checking.

  4) Have the system administrator remove /dev/kmem access.

  5) If you "adjust" Ingres settings (such as add servers, 
     resize buffers, etc), have the system administrator 
     give you temporary access again.

Cheers,



Michael Leo            mleo@cariboulake.com        mal@visi.com
Caribou Lake Software  http://www.cariboulake.com  Java, Oracle, Ingres
Minneapolis, Minnesota (612) 323-9713              

Ingres Q & A

Back to William's Home Page

© William Yuan 2000

Email William