Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: tns vunerability & patch for 8i on NT

Re: tns vunerability & patch for 8i on NT

From: Gary Flynn <flynngn_at_jmu.edu>
Date: Tue, 17 Jul 2001 11:33:41 -0400
Message-ID: <3B545AD5.F63EC62E@jmu.edu> 






Rajiv wrote:


> 

> If anyone needs the details here is what I did. I created a

> nonprivileged user and then started the listner with the appropriate

> permissions on the files which the listener uses.




While it then may be that the user no longer has system privileges,
it still has access to those database files, right?



> Just starting  the listener as a different user

> solves the problem.




Assuming the files it has access to aren't sensitive, there
is also the problem of having any local account compromised.
There are usually more ways to compromise a system (or neighboring
ones) when a local account is available.



Unless you set permissions accordingly, that "nonprivileged" user 
can still probably run uploaded shell scripts, and programs 
accessible to userland in the /bin and other directories.


-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml


Received on Tue Jul 17 2001 - 10:33:41 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US