Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Usenet -> c.d.o.server -> Re: Security problem calling C external procedure
Hi,
Recently I had the same problem.
My solution:
In PL/SQL an external function "external" is called, the parameter is
the
action which should be done in UNIX, i.e. mv <old> to <new>.
This external function simply calls a C-written function which makes a
sytem-call "system". The parameter is a wrapper-program "system" and
the action to be done. This wrapper-program also makes a system-call
with the action as parameter.
On the wrapper-program the setuid-bit is set to the user in which the
action should be done.
It works fine for file system operations, but unfortunately if the
action tries to connect to Oracle and the authorization
should be made by OS-User, Oracle uses the real uid rather than the
effective uid, but this doesnt concern to you.
If you want the code email me.
Stefan Koeniger
Sent via Deja.com http://www.deja.com/
Before you buy.
Received on Fri Nov 17 2000 - 04:38:07 CST
![]() |
![]() |