Re: Security problem calling C external procedure
Thank you Rick,
The problem is that the called C function does not make any calls to the database
but calls shell commands like mkdir, mv, rm, etc., thus creating/deleting
files/directories in the OS file system (so you can easily destroy
oracle/bin....). I guess this is a question for C gurus - is it possible to
reset (limit) the process's OS permissions or the OS user of the spawned process
(within the process itself) so that the spawned process will not use the inherited
oracle user access privileges?
TA Sergei
Rick Wessman wrote in message ...
>One thing that could be done is to make the extproc executable setuid to
>some other user. That would ensure that you are running as a user other
>than the oracle user.
>
>However, please do not make it setuid to root as (obviously) extproc would
>then be able to execute any command.
>
> Thanks,
> Rick
> Rick Wessman
> Server Security Group
> Oracle Corporation
> Rick.Wessman_at_oracle.com
>
> The opinions expressed above are mine and do not necessarily reflect
> those of Oracle Corporation.
Received on Tue Nov 14 2000 - 15:46:28 CST
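
Added example, not part of the original posts and not Oracle's code: a startup check for a program installed setuid to a non-root user, as suggested in the quoted reply. It refuses to run if the effective user is root or is still the invoking user, then makes the switch permanent so the process cannot change back to the invoking (oracle) account. The names check_ids() and lock_to_effective_ids() are hypothetical; POSIX setreuid()/setregid() semantics are assumed.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum id_verdict { IDS_OK = 0, IDS_ROOT = 1, IDS_NOT_SWITCHED = 2 };

/* Policy check: the effective uid must not be root, and it must differ from
 * the invoking (real) uid, otherwise the setuid bit gave no separation. */
enum id_verdict check_ids(uid_t real_uid, uid_t effective_uid)
{
    if (effective_uid == 0)
        return IDS_ROOT;
    if (effective_uid == real_uid)
        return IDS_NOT_SWITCHED;
    return IDS_OK;
}

/* Copy the effective ids into the real ids. Setting the real uid also resets
 * the saved set-user-ID, so the invoking user's uid is no longer reachable.
 * The caller's supplementary groups are NOT cleared; that requires root. */
int lock_to_effective_ids(void)
{
    uid_t euid = geteuid();
    gid_t egid = getegid();

    if (setregid(egid, egid) != 0)   /* group ids first, the usual order */
        return -1;
    if (setreuid(euid, euid) != 0)
        return -1;
    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != euid || geteuid() != euid ||
        getgid() != egid || getegid() != egid)
        return -1;
    return 0;
}

int main(void)
{
    enum id_verdict v = check_ids(getuid(), geteuid());
    if (v != IDS_OK) {
        fprintf(stderr, "refusing to run: id check failed (%d)\n", (int)v);
        return 1;
    }
    if (lock_to_effective_ids() != 0) {
        perror("lock_to_effective_ids");
        return 1;
    }
    printf("running as uid %ld\n", (long)getuid());
    return 0;
}
```

Without the setuid bit on the executable, an unprivileged process has no other user to switch to, so the check fails with IDS_NOT_SWITCHED.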