Re: DBAs running root.sh
Date: Mon, 03 Feb 2014 18:05:17 +0000
Message-id: <DDD9470B-DD2E-4603-9FB1-1483A7D789FE_at_me.com>
Thanks Niall.
Yes, the SA concern is that someone with access to the oracle OS account (DBA or attacker) can add arbitrary commands of their choosing to root.sh and run them as root.
I totally agree with you - a DBA or attacker with "oracle" access on a DB server can do some pretty serious damage without resorting to edits on root.sh!
On 3 Feb 2014, at 17:42, Niall Litchfield <niall.litchfield_at_gmail.com> wrote:
> I think the SA's argument is this.
>
> root.sh is an executable shell script owned by oracle and therefore modifiable by oracle - a non-privileged user could therefore use root.sh as an attack vector against the server. This is, as far as I can tell, correct. Whether it is any more of a threat than the dba being able to run arbitrary code with the privileges that the oracle account has seems unlikely to me. I'd probably suggest a round table meeting between the O/S, DBA and Security subject matter experts to agree a solution..
>
> As the scripts generated contain the ORACLE_HOME path in them I think the suggested approach likely to be problematic, clearly one could edit root.sh (and all the scripts that it calls nowadays) to take, say, $ORACLE_HOME as an argument and then have an authorized central repository of them, good luck with the support ticket when something is missed though.
>
> Interesting question Austin.
>
-- http://www.freelists.org/webpage/oracle-lReceived on Mon Feb 03 2014 - 19:05:17 CET