Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Security problem calling C external procedure

Re: Security problem calling C external procedure

From: <stefan.koeniger_at_t-online.de>
Date: Fri, 17 Nov 2000 10:38:07 GMT
Message-ID: <8v31qf$6qg$1@nnrp1.deja.com> 






Hi,



Recently I had the same problem.


My solution:


In PL/SQL an external function "external" is called, the parameter is
the


action which should be done in UNIX, i.e. mv <old> to <new>.
This external function simply calls a C-written function which makes a
sytem-call "system". The parameter is a wrapper-program "system" and
the action to be done. This wrapper-program also makes a system-call
with the action as parameter.


On the wrapper-program the setuid-bit is set to the user in which the
action should be done.


It works fine for file system operations, but unfortunately if the
action tries to connect to Oracle and the authorization
should be made by OS-User, Oracle uses the real uid rather than the
effective uid, but this doesnt concern to you.



If you want the code email me.


Stefan Koeniger





Sent via Deja.com http://www.deja.com/


Before you buy.
Received on Fri Nov 17 2000 - 04:38:07 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US