Assuming UNIX variants...
Accessing shared memory (where the Oracle SGA resides in UNIX) after
database shutdown requires "root" privileges in order to read from
"/dev/mem" (or the equivalent on your OS-variant), which is the only
way to access regions of memory outside of the APIs provided via the
systems calls for shared memory (i.e. shmctl, shmat, etc) or heap/data
memory allocation within an image (i.e. brk, sbrk, etc). That's what
an API is designed to do -- provide controlled access to privileged
services outside of a privileged account.
The upshot is that the "root" account must be compromised in order for
the quote "
Information in caches may be accessed outside of Oracle
and beyond the control of the security parameters" to be true. And
if that becomes true, then the accessing of memory caches potentially
"left behind" by Oracle are the absolute least of your concerns... ;-)
Perhaps the guideline is thinking of some other form of "caching", such
as "temporary files" or caching performed into files, not necessarily
by the RDBMS? Perhaps by the app-server? Web-server?
Jason Heinrich wrote:
I'm working on implementing the CIS guidelines for Oracle
10g in a database, and I'm a bit confused over one of them:
6.02 Cache -- Cache must be emptied at shut down of Oracle.
"Information in caches may be accessed outside of Oracle and beyond the
control of the security parameters."
First of all, they don't mention which caches need to be emptied at
shutdown -- I'm assuming the buffer cache and the shared pool. Second,
how could information in the cache be accessed after the instance is
shut down? Does the data still exist in memory until overwritten? If
so, then I guess someone with the right utility could read those memory
addresses and the OS wouldn't prevent them because the addresses no
longer belonged to a process?
--
Jason Heinrich
Oracle Developer/DBA
--
http://www.freelists.org/webpage/oracle-l
Received on Thu Oct 25 2007 - 02:08:32 CDT
