Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Security problem calling C external procedure

Re: Security problem calling C external procedure

From: <stefan.koeniger_at_t-online.de>
Date: Fri, 17 Nov 2000 10:38:07 GMT
Message-ID: <8v31qf$6qg$1@nnrp1.deja.com>

Hi,

Recently I had the same problem.
My solution:
In PL/SQL an external function "external" is called, the parameter is the
action which should be done in UNIX, i.e. mv <old> to <new>. This external function simply calls a C-written function which makes a sytem-call "system". The parameter is a wrapper-program "system" and the action to be done. This wrapper-program also makes a system-call with the action as parameter.
On the wrapper-program the setuid-bit is set to the user in which the action should be done.
It works fine for file system operations, but unfortunately if the action tries to connect to Oracle and the authorization should be made by OS-User, Oracle uses the real uid rather than the effective uid, but this doesnt concern to you.

If you want the code email me.
Stefan Koeniger

Sent via Deja.com http://www.deja.com/
Before you buy. Received on Fri Nov 17 2000 - 04:38:07 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US