javasyspriv - a security vulnerability?

From: SA <a_at_a.com>
Date: Sat, 19 Oct 2002 16:20:42 -0400
Message-ID: <FA6dnX2lyf0AIyygXTWcqw@comcast.com>

I have a java stored proc created in a schema to execute OS commands on UNIX (Database version 9.2). This schema has been granted JAVASYSPRIV.

If I create a file using this stored proc, the file gets ownership of unix id oracle. How can I prevent this to happen? Can I control my environment in such a way that this java stored proc creates file with a specified unix id and not oracle id?

On a side note, is this behavior not a security vulnerability?

thanks Received on Sat Oct 19 2002 - 15:20:42 CDT

This message: [ Message body ]
Next message: Niall Litchfield: "Re: SW vendor insists on RBO"
Previous message: Sybrand Bakker: "Re: Restore Database different versions"
Next in thread: Thomas Kyte: "Re: javasyspriv - a security vulnerability?"
Reply: Thomas Kyte: "Re: javasyspriv - a security vulnerability?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US