Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: tns vunerability & patch for 8i on NT
Rajiv wrote:
>
> If anyone needs the details here is what I did. I created a
> nonprivileged user and then started the listner with the appropriate
> permissions on the files which the listener uses.
While it then may be that the user no longer has system privileges, it still has access to those database files, right?
> Just starting the listener as a different user
> solves the problem.
Assuming the files it has access to aren't sensitive, there is also the problem of having any local account compromised. There are usually more ways to compromise a system (or neighboring ones) when a local account is available.
Unless you set permissions accordingly, that "nonprivileged" user can still probably run uploaded shell scripts, and programs accessible to userland in the /bin and other directories.
-- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/info-security/engineering/runsafe.shtmlReceived on Tue Jul 17 2001 - 10:33:41 CDT