Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: SIGSEGV a bug or a feature?

Re: SIGSEGV a bug or a feature?

From: Joel Garry <joel-garry_at_home.com>
Date: 3 Feb 2004 15:56:02 -0800
Message-ID: <91884734.0402031556.2fe1eb20@posting.google.com> 





Andreas Plesner Jacobsen <apj_at_daarligstil.dk> wrote in message news:<slrnc1uoso.9i0.apj_at_slartibartfast.nerd.dk>...


> I've recently bumped into an Oracle problem: Due to a problem in

> DBD::Oracle (at least reproducible when using the latest DBI and

> DBD::Oracle with 8.1.7.4 libs, but that's not really relevant here), I'm

> able to crash the Oracle process I am connected to on a 9r2 server. The

> Oracle process crashes due to a null pointer deref, so this is probably

> not exploitable for anything other than filling up $ORACLE_HOME with

> trace files.

> 

> My only problem is: Oracle won't acknowledge that this is a bug. The

> claim is: This is an application sending us bad data, so we don't see a

> problem in handling this with a server-side crash (which gives the

> client a nice EOF on communications channel, but no good error message).

> 

> So, what's your take on this? Isn't this a bug in Oracle? Should ANY

> invalid data be able to crash the Oracle process it's connected to?




Send the data to metalink and crash _their_ server!



Which process are you referring to?  If it is just a spawned beq they
might have a point, user written application bugs are out of their
purview.  The database should just rollback and go on.  If it is
crashing your database writer, that would be a serious DNS attack.



jg

--
@home.com is bogus.
http://www.signonsandiego.com/news/uniontrib/tue/business/news_1b3mp3.html


Received on Tue Feb 03 2004 - 17:56:02 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US