Re: bbed?

I don't see what the big deal is.

Anyone with access to it could just as easily go at the files with
any binary capable editor.  This is a tool, and a learning aid
if you're curious about Oracle internals.  On test databases only.

There are so many methods available to compromise a database
that I think it's kind of silly to be worried about this.  (Just wait until
I get my copy of Litchfield's new book. )

If the executable exists on sensitive systems, just delete it.

It is installed by default on many versions of Windows, though I
can't recall which ones.

Jared

On 2/1/07, oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx>
wrote:

True Mark, but then in the doc he is showing you just how long it is.
All you have to do is count the dots & apply some logic.  Not exactly a
secured application.  You would think that they would ship the rdbms
with something missing to build this puppy.



Dick Goulet, Senior Oracle DBA

45 Bartlett St  Marlborough, Ma 01752, USA
Tel.: 598.573.1978 |Fax:  508.229.2019 | Cell:508.742.5795

RGoulet@xxxxxxxxxx

: POWERING TRANSFORMATION


-----Original Message-----
From: Bobak, Mark [mailto:Mark.Bobak@xxxxxxxxxxxxxxx]
Sent: Thursday, February 01, 2007 11:04 AM
To: Richard J. Goulet; wjwagman@xxxxxxxxxxx; oracle-l
Subject: RE: bbed?

Which is why it's password protected.  But, let's not open that can of
worms again....

To anyone who wants to know the password:
If you really want to use it, you should be clever enough to find the
password.  Don't ask people to tell you what it is. ;-)

-Mark


--
Mark J. Bobak
Senior Oracle Architect
ProQuest Information & Learning

There is nothing so useless as doing efficiently that which shouldn't be
done at all.  -Peter F. Drucker, 1909-2005


-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Richard J. Goulet
Sent: Thursday, February 01, 2007 10:27 AM
To: wjwagman@xxxxxxxxxxx; oracle-l
Subject: RE: bbed?

Bill,

        I just looked through a 10.2.0.2 system we have & did not find
bbed either, but I followed the command to build it, namely make -f
ins_rdbms.mk $ORACLE_HOME/rdbms/lib/bbed in the $ORACLE_HOME/rdbms/lib
directory & the darned thing built as stated.  And to boot there is a
target in the make file for the stinker.  I think this is one tool that
could really cause a lot of trouble.



Dick Goulet, Senior Oracle DBA

45 Bartlett St  Marlborough, Ma 01752, USA
Tel.: 598.573.1978 |Fax:  508.229.2019 | Cell:508.742.5795

RGoulet@xxxxxxxxxx

: POWERING TRANSFORMATION


-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of William Wagman
Sent: Wednesday, January 31, 2007 8:40 PM
To: oracle-l
Subject: bbed?


Someone just passed this on to me. I checked a coupl of my systems and
didn't find it. It's an editor for modifying dbfs. The page:

<http://www.petefinnigan.com/weblog/archives/00000999.htm>

refers to ways of misusing the tool. The PDF paper has a few pages of
instructions, then some interesting examples of the tool's uses starting
on page 25.

Bill Wagman
Univ. of California at Davis
IET Campus Data Center
wjwagman@xxxxxxxxxxx
(530) 754-6208
--
http://www.freelists.org/webpage/oracle-l


--
http://www.freelists.org/webpage/oracle-l


--
http://www.freelists.org/webpage/oracle-l





--
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

Other related posts: