Troubleshooting
Problem
Why do the A-TAP library files need the SUID/SGID bits set?
Normally, set the bits for the binary that uses the library. Can SUID be removed from these files?
Symptom
During OS security scans, Guardium A-TAP libraries that are installed under /usr/lib are identified to have the SUID or SGID bit set.
Can the SUID setting from A-TAP libraries be removed as it violates security scanning?
If not, why is SUID is needed and what would be impacted if it is removed?
root:root:r-sr-sr-x:/usr/lib/libguard-atap-db2-any-64.so
root:root:r-sr-sr-x:/usr/lib/libguard-atap-informix-any-64.so
root:root:r-sr-sr-x:/usr/lib/libguard-atap-informix_new-any-64.so
root:root:r-sr-sr-x:/usr/lib/libguard-atap-mongodb-any-64.so
root:root:r-sr-sr-x:/usr/lib/libguard-atap-oracle-any-64.so
root:root:r-sr-sr-x:/usr/lib/libguard-atap-oraclestatic-any-64.a
root:root:r-sr-sr-x:/usr/lib/libguard-atap-oraclestatic-any-64.so
root:root:r-sr-sr-x:/usr/lib/libguard-atap-postgres-any-64.so
root:root:r-sr-sr-x:/usr/lib/libguard-atap-sybase-15-64.so
root:root:r-sr-sr-x:/usr/lib/libguard-atap-sybaseiq-any-64.so
root:root:r-sr-sr-x:/usr/lib/libguard-atap-teradata-any-64.so
root:root:r-sr-sr-x:/usr/lib64/libguard-atap-sybaseiq-any-util-64.so
Document Location
Worldwide
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"","Platform":[{"code":"PF043","label":"Red Hat"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB76","label":"Data Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
10 October 2023
UID
ibm10872734