Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: root logging as internal

Re: root logging as internal

From: <anon_1_at_my-deja.com>
Date: 2000/04/05
Message-ID: <8cfcg5$m0n$1@nnrp1.deja.com>#1/1 






In article <m1em8lvbap.fsf_at_inconnu.isu.edu>,
  Craig Kelley <ink_at_inconnu.isu.edu> wrote:


> anon_1_at_my-deja.com writes:

>

> > In article <954871662.23496.0.pluto.d4ee154e_at_news.demon.nl>,

> >   "Sybrand Bakker" <postbus_at_sybrandb.demon.nl> wrote:

 


> > > > he did this

> > > >

> > > > $ su - oracle

> > > >

> > > > $ svrmgrl

> > > >

> > > > svrmgr > connect internal

> > > >

> > > > And he was off to the races.  Seeing that this is a gaping hole

 in


 our


> > > > security I tried a variety of items including using the orapwd

> > > > utility.  I ended up calling Oracle, and they said that since

 root


 is a


> > > > special account and can su to anything, they can log into

 Oracle as


> > > > they see fit.

> > > >

> > > > I'm having a tough time believing this.  So...

> > > >

> > > > 1) Is this true?

> > >

> > > Yes!

> > >

> > > > 2) If there is a work around could you pls post it.

> > > >

> > >

> > > Fire your admin

> > > At some point you simply should trust a person and/or log all his

 actions on


> > > a hardcopy terminal.

> > > If you don't trust him, don't give them job. One of the facts in

 live


 in


> > > Unix is anyone knowing the root password can do anything.

> > >

> >

> > Wishful thinking - the UNIX admin contractor is in a seperate UNIX

> > department.  They utlimately report to a seperate department head.

> > Basically you're looking at an act of Congress for a firing to

 happen -


> > they are short handed.  That's OK though - because they are at the

> > front of the blame list if anything breaks (and I'm sure something

 will


> > break). :-)

>

> Install a few trojans of your own; chances are they won't check.

>

> mv svrmgrl my_svrmgl;

> cat > svrmgrl

> #!/bin/sh

> mail -s "blah" my_at_email.address <<EOF

> Someone tried to run svrmgrl on `date`

> whoami reports `whoami`

> id reports `id`

> my HOME is $HOME

> EOF


> $ORACLE_HOME/bin/svrmgrl

> ^D




Great idea - I like this.



anon_1


>

> --

> The wheel is turning but the hamster is dead.

> Craig Kelley  -- kellcrai_at_isu.edu

> http://www.isu.edu/~kellcrai finger ink@inconnu.isu.edu for PGP block

>





Sent via Deja.com http://www.deja.com/


Before you buy.
Received on Wed Apr 05 2000 - 00:00:00 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US