
Re: Changing Oracle gid and uid?

From: Mark Bole <makbo_at_pacbell.net>
Date: Tue, 11 Oct 2005 16:46:29 -0700
Message-ID: <434C4ED5.3090203@pacbell.net>


Denny and Mark:

Denny Koovakattu wrote:
> But in practice, chown removes the setuid bit. If not, you could break into
> systems that way. Make a copy of ksh or sh, set the setuid bit and then change
> ownership to any other user and then execute the new shell with setuid ;)
>

Still can't see it. After chown, the pre-existing setuid bit is still showing for the new owner:

% ls -l /tmp/oracle
-rwsr-s--x 1 oracle dba 71242229 Jan 13 2005 /tmp/oracle*
% chown mark /tmp/oracle
% ls -l /tmp/oracle
-rwsr-s--x 1 mark dba 71242229 Jan 13 2005 /tmp/oracle*

Bobak, Mark wrote:

 > Except of course, for root.  Chown by root does not touch suid/sgid
 > bits.  But then, if you already have root, system security is not an
 > issue.

Exactly. Who besides root (UID=0) can perform a chown? So, as shown correctly in the steps I listed, you should not have to re-set any setuid bits to successfully change the ownership of oracle software.

I'm willing to believe that some shell executables may be subject to special handling when it comes to set-UID status, especially with GNU versions of the utilities, but haven't tested it.

But bottom line, file ownership and file permissions in Unix are generally orthogonal attributes.

-Mark Bole

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Oct 11 2005 - 18:48:33 CDT
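
Added example, not part of the original message: the posts above disagree on whether chown keeps the setuid/setgid bits, so this Python sketch records those bits under a tree before an ownership change, then reports and restores any that were cleared. The function names and the temporary tree in demo() are constructed for illustration, and a chmod stands in for a chown that clears the bit.

```python
import os
import stat
import tempfile

SPECIAL = stat.S_ISUID | stat.S_ISGID


def snapshot_special_bits(root):
    """Map each regular file under root (relative path) to its setuid/setgid bits."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode) and st.st_mode & SPECIAL:
                snap[os.path.relpath(path, root)] = st.st_mode & SPECIAL
    return snap


def lost_bits(before, root):
    """Return {path: bits} for files that lost special bits since the snapshot."""
    lost = {}
    for rel, bits in before.items():
        try:
            now = os.lstat(os.path.join(root, rel)).st_mode & SPECIAL
        except FileNotFoundError:
            continue  # file removed meanwhile; nothing to compare
        if bits & ~now:
            lost[rel] = bits & ~now
    return lost


def restore_bits(lost, root):
    """Re-add the cleared bits, keeping the rest of each file's mode unchanged."""
    for rel, bits in lost.items():
        path = os.path.join(root, rel)
        os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) | bits)


def demo():
    """Constructed tree; in real use the chown -R (as root) goes where marked."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "oracle")
        open(target, "w").close()
        os.chmod(target, 0o4751)            # -rws-r-x--x, setuid set
        before = snapshot_special_bits(root)
        os.chmod(target, 0o751)             # stand-in for a chown that clears setuid
        lost = lost_bits(before, root)
        restore_bits(lost, root)
        return before, lost, snapshot_special_bits(root)
```

An empty result from lost_bits() after the real chown means the platform kept the bits and nothing needs to be re-set.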
