Berkeley DB Reference Guide: Environment
Security
There are two important security concerns when writing Berkeley DB applications.
The first is the directory used as the database home environment. It is important that the environment home directory be carefully created to have the correct permissions for the system to ensure that databases are not accessible to users without the correct permissions. Berkeley DB never creates the database home directory, it must be created before the application is run.
The second is the use of environment variables in file naming, i.e., DB_USE_ENVIRON and DB_USE_ENVIRON_ROOT. If a Berkeley DB application is running with additional permissions, (e.g., UNIX setuid or setgid permissions), and either of these variables is set, users could potentially cause the application to read and write databases to which the user would not normally have access.
By default, Berkeley DB always creates files readable and writeable by the owner and the group (i.e., S_IRUSR, S_IWUSR, S_IRGRP and S_IWGRP, or octal mode 0660 on historic UNIX systems). The group ownership of created files is based on the system and directory defaults, and is not further specified by Berkeley DB.
