Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Usenet -> c.d.o.server -> Re: Project lockdown - opinion solicitation
EdStevens wrote:
> On advice last week, I have downloaded the "Project Lockdown" document
> and begun reviewing it. I get a very uneasy feeling about his
> suggestion to remove the SUID bit from the Oracle executables.
> Searching through this ng I find a lot of issues stemming from not
> leaving the file permissions just as they are created when following
> installation instructions to the letter.
>
> It seems to me this could cause a lot of nagging problems. It also
> seems that if your ORACLE_HOME is on a box where issuance of os user
> accounts is limited to DBAs and SAs the ability to exploit the SUID
> would be extremely limited.
>
> Am I missing something?
The issue is exactly as you state it ... "limited to DBAs and SAs the ability to exploit."
Make the change and you are more secure. But, of course, don't do it until after installation is successfully completed.
-- Daniel A. Morgan University of Washington damorgan_at_x.washington.edu (replace x with u to respond) Puget Sound Oracle Users Group www.psoug.orgReceived on Fri Aug 24 2007 - 12:54:59 CDT
![]() |
![]() |