Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Java Permissions Oracle 10 : updated

RE: Java Permissions Oracle 10 : updated

From: John Dunn <jdunn_at_sefas.com>
Date: Tue, 22 Aug 2006 13:52:27 +0100
Message-ID: <004601c6c5e9$d2fff740$3e04050a@johnman> 





Is there any way I can set the PATH somwhere in the Oracle config, or in my
call to rt.exec rather than having to fully qualify the unix command?



John



  -----Original Message-----


  From: Stefan Knecht [mailto:knecht.stefan_at_gmail.com]
  Sent: 22 August 2006 12:13


  To: jdunn_at_sefas.com


  Cc: oracle-l


  Subject: Re: Java Permissions Oracle 10 : updated




  Yes I experienced the same thing - back in 9i, oracle has passed on some
environment settings to the process / script i.e. PATH - 10g no longer does
that. Hence, if you're calling a script you have to either give a fully
qualified path to any executable, or set up your own PATH - also note, if
you're accessing a database in that script, any kind of NLS_LANG or similar
you might have set are not there either.



  Stefan






  On 8/22/06, John Dunn <jdunn_at_sefas.com> wrote:
    Actually I have discovered that permissions were only part of the issue.
The other problem is that when I run a script I have to make sure that I
always specifiy  the #! line at the top of each script e.g.#!/bin/ksh and
also explicitly define the PATH in the scripts.



    I did not need to do this when I was running scripts via the external
procedure listener.





      -----Original Message-----
      From: Stefan Knecht [mailto:knecht.stefan_at_gmail.com]
      Sent: 22 August 2006 11:50
      To: niall.litchfield_at_gmail.com
      Cc: jdunn_at_sefas.com; oracle-l
      Subject: Re: Java Permissions Oracle 10 : updated


      Actually it's not that bad... JVM is very specific about what it


allows - it implements a default policy of "deny everything unless
specifically allowed".


      If you grant execute (or write, for that matter) to specific
application executables only, there's not much that can go wrong, as no
shell is spawned, and therefore no shell processing (like "/my/good/bin &&
/my/bad/bin") can be done.



      the one thing you never want to do is grant execute on a shell, though
:-)



      Stefan





      On 8/22/06, Niall Litchfield < niall.litchfield_at_gmail.com> wrote:
        You might want to think rather carefully about the security


implications of this particular function



        select function_run_os_command('rm -rf *') from dual;



        might be somewhat interesting....




        On 8/22/06, John Dunn <jdunn_at_sefas.com > wrote:



          > Can anyone please assist me with java permissions when running a

java


          > function in  Oracle 10 on linux?

          >





        --
        Niall Litchfield
        Oracle DBA
        http://www.orawin.info








--
http://www.freelists.org/webpage/oracle-l


Received on Tue Aug 22 2006 - 07:52:27 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US