Security issue with DBFS
Date: Thu, 11 Aug 2011 23:19:14 +0800
Message-ID: <BF2EDB73A3E44068BA39996532A54421_at_gmail.com>
Does anyone have experience with DBFS? I'm trying to use this new 11gR2 feature for one of my product systems, which will finally hold over 400T of picture BLOBs.
I'm doing some tests of DBFS security and found a problem (bug?).
I used the oracle user to create a directory.
$ dbfs_client dbfs@localhost:1521/orcl --command mkdir dbfs:/dbfs_area/dir1
Then I used the grid user to create another directory.
$ dbfs_client dbfs@localhost:1521/orcl --command mkdir dbfs:/dbfs_area/dir2
After that I listed the dirs and all looks good. Both dirs' privilege is 755, which should mean only the user has WRITE permission.
$ dbfs_client dbfs@localhost:1521/orcl --command ls -l dbfs:/dbfs_area
Password:
drwxr-xr-x grid oinstall 0 Aug 11 22:41 dbfs:/dbfs_area/dir2
drwxr-xr-x oracle oinstall 0 Aug 11 22:41 dbfs:/dbfs_area/dir1
But when I tried to use the oracle user to copy a file into the 2 directories, both succeeded. Huh? Did I miss something?
[oracle@dbserver-oel ~]$ dbfs_client dbfs@localhost:1521/orcl --command cp test.txt dbfs:/dbfs_area/dir1/
Password:
test.txt -> dbfs:/dbfs_area/dir1/test.txt
[oracle@dbserver-oel ~]$ dbfs_client dbfs@localhost:1521/orcl --command cp test.txt dbfs:/dbfs_area/dir2/
Password:
test.txt -> dbfs:/dbfs_area/dir2/test.txt
$ dbfs_client dbfs@localhost:1521/orcl --command ls -l -R dbfs:/dbfs_area
Password:
drwxr-xr-x grid oinstall 0 Aug 11 22:41 dbfs:/dbfs_area/dir2
-rw-r--r-- oracle oinstall 27 Aug 11 22:41 dbfs:/dbfs_area/dir2/test.txt
drwxr-xr-x oracle oinstall 0 Aug 11 22:41 dbfs:/dbfs_area/dir1
-rw-r--r-- oracle oinstall 27 Aug 11 22:41 dbfs:/dbfs_area/dir1/test.txt
Any feedback will be appreciated.
--
Zhang Leyi (Kamus) <kamusis_at_gmail.com>
Visit my blog for more: http://www.dbform.com
Join ACOUG: http://www.acoug.org
Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
--
http://www.freelists.org/webpage/oracle-l
Received on Thu Aug 11 2011 - 10:19:14 CDT
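
Added example (not part of the original message, and not Oracle code): a small audit of an "ls -l -R" listing like the one above, flagging files whose owner would not have been allowed to create them under plain POSIX owner/group/other rules on the parent directory. The function names are hypothetical. It assumes the file's group is the creator's only group, that ownership and modes have not been changed since creation, and it ignores root.

```python
# Constructed sample: the recursive listing from the message, one entry per line.
LISTING = """\
Password:
drwxr-xr-x grid oinstall 0 Aug 11 22:41 dbfs:/dbfs_area/dir2
-rw-r--r-- oracle oinstall 27 Aug 11 22:41 dbfs:/dbfs_area/dir2/test.txt
drwxr-xr-x oracle oinstall 0 Aug 11 22:41 dbfs:/dbfs_area/dir1
-rw-r--r-- oracle oinstall 27 Aug 11 22:41 dbfs:/dbfs_area/dir1/test.txt
"""

def parse_listing(text):
    """Return {path: (mode, owner, group)} for every well-formed listing line."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(None, 7)
        if len(fields) != 8:
            continue  # prompts such as "Password:" and blank lines
        mode, owner, group, _size, _mon, _day, _time, path = fields
        entries[path.rstrip("/")] = (mode, owner, group)
    return entries

def posix_can_create(dir_entry, user, groups):
    """POSIX rule: creating a file needs write+search on the directory,
    checked against exactly one class: owner, else group, else other."""
    mode, owner, group = dir_entry
    if user == owner:
        return mode[2] == "w" and mode[3] == "x"
    if group in groups:
        return mode[5] == "w" and mode[6] == "x"
    return mode[8] == "w" and mode[9] == "x"

def unexpected_writes(entries):
    """Files whose owner lacks POSIX create rights on the listed parent dir."""
    findings = []
    for path, (mode, owner, group) in entries.items():
        parent = entries.get(path.rsplit("/", 1)[0])
        if mode.startswith("d") or parent is None:
            continue  # only files whose parent directory is in the listing
        # Assumption: the file's group is the creator's only group.
        if not posix_can_create(parent, owner, {group}):
            findings.append((path, owner, parent[1], parent[0]))
    return findings

if __name__ == "__main__":
    for path, who, dir_owner, dir_mode in unexpected_writes(parse_listing(LISTING)):
        print(f"{path}: created by {who} in a {dir_mode} directory owned by {dir_owner}")
```

Run against the listing above, only dbfs:/dbfs_area/dir2/test.txt is reported, which is the write the message describes.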