Re: No local connection via sqlplus (TNS:lost contact)

Laurenz Albe wrote:

>
> I think I know what your problem is.
>
> To sum up the situation:
> The oracle executable has the SETUID and SETGID bits set as it should,
> but only the oracle user can connect via sqlplus, other users in the dba
> group cannot. Setting LD_LIBRARY_PATH does not help.
>
> Was this correct so far?

Correct.

> The problem is that because the SETUID bit is set, the LD_LIBRARY_PATH is
> ignored for the executable for other users.
> This is to prevent a security leak: else you could set LD_LIBRARY_PATH to
> a forged libc library and get it executed as root by invoking su, for
> example.
>
> The solution is to add /oracle/product/9.2.0/lib to the trusted library
> path with crle.

I tried that. Unsetting TWO_TASK (which was the solution provided earlier today) and adding $ORACLE_HOME/lib to the trusted library path produced the same failure as before, though.

Thanks,
Thorsten Received on Mon Nov 28 2005 - 04:21:51 CST