Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Security problem calling C external procedure

Re: Security problem calling C external procedure

From: Rick Wessman <rwessman_at_rochester.rr.com>
Date: 14 Nov 2000 09:50:39 -0500
Message-ID: <m3y9ym1ubk.fsf@rwessman-pc.us.oracle.com> 






One thing that could be done is to make the extproc executable setuid to some
other user. That would ensure that you are running as a user other than the
oracle user.



However, please do not make it setuid to root as (obviously) extproc would
then be able to execute any command.



"Sergei Gouskov" <sgouskov_at_ue.com.au> writes:



> Helllo,

> From plsql I call C function as external procedure (shared library on unix),

> I found that this function got all  access permitions that user oracle

> has...and this of course invoked strong objections from DBA team leader :)

> now, I wonder if you people deal with such an issue before? what choices do

> I have?

> 

> rgds, Sergei Gouskov

> 

> 

> 

> 

> 

 

-- 
                                Thanks,
                                Rick
                                Rick Wessman
                                Server Security Group
                                Oracle Corporation
                                Rick.Wessman_at_oracle.com

     The opinions expressed above are mine and do not necessarily reflect
                         those of Oracle Corporation.


Received on Tue Nov 14 2000 - 08:50:39 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US