RE: java package to run OS command

From: Jesse, Rich <Rich.Jesse_at_qtiworld.com>
Date: Thu, 04 Dec 2003 10:54:34 -0800
Message-ID: <F001.005D8CDC.20031204105434@fatcity.com>

Bingo! Right on the money.

1. Limit java.fileio.FilePermission("execute") to a single non-system directory.
2. Control the contents of that directory. This *should* be easy -- make oracle the owner and set security on it to 700.

Now where's the hassle in that? :)

Rich

Rich Jesse                           System/Database Administrator
rjesse_at_qtiworld.com                  Quad/Tech Inc, Sussex, WI USA

-----Original Message-----
Sent: Thursday, December 04, 2003 12:39 PM To: Multiple recipients of list ORACLE-L

will it catch following command apart from "rm -rf" ???

find /var/opt/oracle/logs -mtime +1 -type f -name "*.trc"|perl -nle unlink

Probably not ... and that's why it is dangerous ... basically you should have a set of fixed programs that can be called and accept only arguments from calling programs. That will give at-least more control.

Raj
--

Please see the official ORACLE-L FAQ: http://www.orafaq.net
--

Author: Jesse, Rich
  INET: Rich.Jesse_at_qtiworld.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Thu Dec 04 2003 - 12:54:34 CST