Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Project lockdown - opinion solicitation

From: Frank van Bortel <frank.van.bortel_at_gmail.com>
Date: Sun, 26 Aug 2007 15:21:37 +0200
Message-ID: <faruoo$6nu$2@news5.zwoll1.ov.home.nl>


EdStevens wrote:
> On advice last week, I have downloaded the "Project Lockdown" document
> and begun reviewing it. I get a very uneasy feeling about his
> suggestion to remove the SUID bit from the Oracle executables.
> Searching through this ng I find a lot of issues stemming from not
> leaving the file permissions just as they are created when following
> installation instructions to the letter.
>
> It seems to me this could cause a lot of nagging problems. It also
> seems that if your ORACLE_HOME is on a box where issuance of os user
> accounts is limited to DBAs and SAs the ability to exploit the SUID
> would be extremely limited.
>
> Am I missing something?
>

APEX? XML DB opening up port 808, 2100? create directory right for dbsnmp, which is quite a powerful account?

Start seeing the holes?

Top-posting is one way to shut me up...
Received on Sun Aug 26 2007 - 08:21:37 CDT
