Re: external procedure as not-oracle on OS
Hi

This would be a security risk. To have a Java callout that can execute any OS command with group ID DBA means it could, for instance, call sqlplus -s and execute a script that changes the SYS password, edit the password file and change the password hashes to known values... why not just delete the data files? Please think again and run extproc as a user such as the Unix user nobody; then any OS command has less chance of causing damage. See the Oracle Security Step-by-Step book for info on how to set it up, or Tom Kyte's book, which I think mentions this as well.

hth

kind regards

Pete

--
Pete Finnigan
email: [EMAIL PROTECTED]
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book: Oracle Security Step-by-Step Guide - see http://store.sans.org for details.

--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Pete Finnigan
INET: [EMAIL PROTECTED]

Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: external procedure as not-oracle on OS
You can do this all easily with a Java stored procedure. A lot less code. Also, it will run as the DBA group on Unix. There is an example in Tom Kyte's book. Really short code. You can call any OS script with it. Might be on his website too.

You then create a chmod script in Unix that oracle has permissions to execute. That script will have permission to affect the user's script. Sound abstraction. Then Oracle can only affect the user's script through your intermediary.

From: Henry Poras [EMAIL PROTECTED]
Date: 2003/09/05 Fri PM 04:29:26 EDT
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: external procedure as not-oracle on OS

In order to run some OS commands from within the database we have set up a few external procedures. One of the functions we need to accomplish is to change the permissions of a file owned by a user other than oracle. As the external procedure is executed by Oracle, this is a problem.

I tried changing the ownership of the .so file to the other user, setting the setuid bit, and granting oracle execute permissions on this file. That didn't work.

Our next thought is to have the .so file call a C executable (set with the setuid bit) which will run chmod. The thought of one person here is that setuid is strictly for executables and .so is more of a library/collection-of-code, not strictly an exe. I'm not too clear on this differentiation. It's also an ugly solution, but that's the direction in which we are moving.

Has anyone come up with any other alternatives?

Thanks.
Henry
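On the setuid question raised in Henry's post: the kernel honours the setuid bit only on a program it loads with execve(2). A shared library that extproc dlopen()s runs with extproc's credentials no matter what bits are set on the .so, and on Linux (and most other Unixes) the bit is ignored on interpreted scripts as well, so the intermediary that does the chmod has to be a compiled executable. What makes that acceptable is keeping it narrow. The program below is an added example written for this thread, not code from any of the posters, from Tom Kyte's book or from Oracle; the helper name chmod_helper, the directory /u01/app/exports/ and the "appuser" owner are assumptions. It is meant to be installed setuid to the user who owns the files (never root), and it only ever changes plain permission bits on a regular file under one directory, refuses setuid/setgid/sticky bits and symlinks, and applies the mode through the same descriptor it inspected so there is no gap between the check and the change.

```c
/*
 * chmod_helper.c: minimal setuid helper that applies a permission mode to one
 * file on behalf of the database's extproc process.
 *
 * Added example for the ORACLE-L thread, not code from the posters or Oracle.
 * Assumptions (not from the thread): installed setuid to the file-owning
 * user, NOT root, e.g.
 *     chown appuser:oracle /usr/local/sbin/chmod_helper
 *     chmod 4750           /usr/local/sbin/chmod_helper
 * and only files below ALLOWED_ROOT may be touched.
 */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define ALLOWED_ROOT "/u01/app/exports/"        /* assumed directory */
#define MODE_MASK    (S_IRWXU | S_IRWXG | S_IRWXO)

/* Parse an octal mode such as "0640"; anything outside the rwx bits
 * (setuid, setgid, sticky, or garbage) is refused. Returns 0 on success. */
int parse_mode(const char *s, mode_t *out)
{
    char *end;
    unsigned long m;
    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    m = strtoul(s, &end, 8);
    if (errno != 0 || *end != '\0')
        return -1;
    if (m & ~(unsigned long)MODE_MASK)          /* e.g. "4755" is rejected */
        return -1;
    *out = (mode_t)m;
    return 0;
}

/* Accept only absolute paths below ALLOWED_ROOT with no ".." component.
 * Returns 1 if allowed, 0 otherwise. */
int path_allowed(const char *p)
{
    const char *q;
    size_t n = strlen(ALLOWED_ROOT);
    if (p == NULL || strncmp(p, ALLOWED_ROOT, n) != 0 || p[n] == '\0')
        return 0;
    for (q = p; (q = strstr(q, "..")) != NULL; q++) {
        int at_start = (q == p) || q[-1] == '/';
        int at_end   = q[2] == '\0' || q[2] == '/';
        if (at_start && at_end)
            return 0;                           /* a real ".." component */
    }
    return 1;
}

/* Open the target without following a symlink, confirm it is a regular file
 * owned by our effective uid (the user we are setuid to), then chmod through
 * the descriptor so the object checked is the object changed.
 * Returns 0 on success, -1 on any failure. The helper must be able to open
 * the file for reading, which as its owner it normally can. */
int apply_mode(const char *path, mode_t mode)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NOCTTY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    if (fchmod(fd, mode) != 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return 0;
}

/* Usage: chmod_helper <octal-mode> /u01/app/exports/<file> */
int main(int argc, char **argv)
{
    mode_t mode;
    if (argc != 3 || parse_mode(argv[1], &mode) != 0 || !path_allowed(argv[2])) {
        fprintf(stderr, "usage: chmod_helper <octal-mode> %s<file>\n", ALLOWED_ROOT);
        return 2;
    }
    if (apply_mode(argv[2], mode) != 0) {
        perror("chmod_helper");
        return 1;
    }
    return 0;
}
```

The .so (or the Java callout) should start the helper with execve(2) and a fixed argv rather than through system(3) or a shell, so the only thing the database can influence is the mode string and the file name, and both are validated before anything happens. Because the helper is setuid to the file owner and checks st_uid against geteuid(), it cannot be turned into a general chmod on files belonging to anyone else, including oracle's own data files.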
Re: external procedure as not-oracle on OS
You would need to have extproc run as some user other than oracle. The suggested user on Unix systems is 'nobody', with rather limited privileges. Setting it to root might prove dangerous.

Jared

Henry Poras [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
09/05/2003 01:29 PM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: external procedure as not-oracle on OS