Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Java Permissions Oracle 10 : updated

RE: Java Permissions Oracle 10 : updated

From: John Dunn <>
Date: Tue, 22 Aug 2006 13:52:27 +0100
Message-ID: <004601c6c5e9$d2fff740$3e04050a@johnman>

Is there any way I can set the PATH somwhere in the Oracle config, or in my call to rt.exec rather than having to fully qualify the unix command?


  -----Original Message-----
  From: Stefan Knecht []   Sent: 22 August 2006 12:13
  Cc: oracle-l
  Subject: Re: Java Permissions Oracle 10 : updated

  Yes I experienced the same thing - back in 9i, oracle has passed on some environment settings to the process / script i.e. PATH - 10g no longer does that. Hence, if you're calling a script you have to either give a fully qualified path to any executable, or set up your own PATH - also note, if you're accessing a database in that script, any kind of NLS_LANG or similar you might have set are not there either.


  On 8/22/06, John Dunn <> wrote:     Actually I have discovered that permissions were only part of the issue. The other problem is that when I run a script I have to make sure that I always specifiy the #! line at the top of each script e.g.#!/bin/ksh and also explicitly define the PATH in the scripts.

    I did not need to do this when I was running scripts via the external procedure listener.

      -----Original Message-----
      From: Stefan Knecht []
      Sent: 22 August 2006 11:50
      Cc:; oracle-l
      Subject: Re: Java Permissions Oracle 10 : updated

      Actually it's not that bad... JVM is very specific about what it
allows - it implements a default policy of "deny everything unless specifically allowed".

      If you grant execute (or write, for that matter) to specific application executables only, there's not much that can go wrong, as no shell is spawned, and therefore no shell processing (like "/my/good/bin && /my/bad/bin") can be done.

      the one thing you never want to do is grant execute on a shell, though :-)


      On 8/22/06, Niall Litchfield <> wrote:
        You might want to think rather carefully about the security
implications of this particular function

        select function_run_os_command('rm -rf *') from dual;

        might be somewhat interesting....

        On 8/22/06, John Dunn < > wrote:

> Can anyone please assist me with java permissions when running a

> function in Oracle 10 on linux?

        Niall Litchfield
        Oracle DBA

Received on Tue Aug 22 2006 - 07:52:27 CDT

Original text of this message