Re: Changing Oracle gid and uid?
- From: Mark Bole <makbo@xxxxxxxxxxx>
- Date: Tue, 11 Oct 2005 16:46:29 -0700
Denny and Mark:
Denny Koovakattu wrote:
> But in practice, chown removes the setuid bit. If not, you could break into
> systems that way. Make a copy of ksh or sh, set the setuid bit and then change
> ownership to any other user and then execute the new shell with setuid ;)
Still can't see it. After chown, the pre-existing setuid bit is still
showing for the new owner:
% ls -l /tmp/oracle
-rwsr-s--x 1 oracle dba 71242229 Jan 13 2005 /tmp/oracle*
% chown mark /tmp/oracle
% ls -l /tmp/oracle
-rwsr-s--x 1 mark dba 71242229 Jan 13 2005 /tmp/oracle*
Bobak, Mark wrote:
> Except of course, for root. Chown by root does not touch suid/sgid
> bits. But then, if you already have root, system security is not an
> issue.
Exactly. Who besides root (UID=0) can perform a chown? So, as shown
correctly in the steps I listed, you should not have to re-set any
setuid bits to successfully change the ownership of oracle software.
I'm willing to believe that some shell executables may be subject to
special handling when it comes to set-UID status, especially with GNU
versions of the utilities, but haven't tested it.
But bottom line, file ownership and file permissions in Unix are
generally orthogonal attributes.
-Mark Bole
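
Whether chown keeps or clears set-UID/set-GID bits depends on the Unix variant and on whether the caller is root, which is the point the posters above disagree on. The shell probe below is an added example, not part of the original thread: the function name probe_chown_setid and the scratch-file name are made up here, and by default it chowns an empty scratch file to the caller's own uid:gid so it runs without root.

```shell
#!/bin/sh
# Added example (not from the thread): does chown on THIS system keep or
# clear set-UID / set-GID bits? The probe file is empty and never executed.

# probe_chown_setid [owner[:group]]   (hypothetical helper name)
#   With no argument, chown to the caller's own uid:gid (works unprivileged).
#   As root, pass another owner to repeat the test shown in the thread.
#   Prints "setuid=<kept|cleared|unset> setgid=<kept|cleared|unset>".
probe_chown_setid() {
    target=${1:-"$(id -u):$(id -g)"}
    f=$(mktemp "${TMPDIR:-/tmp}/setid-probe.XXXXXX") || return 2

    # Use a group we belong to, so chmod is allowed to set the set-GID bit.
    chgrp "$(id -g)" "$f" 2>/dev/null || :
    chmod 6755 "$f" 2>/dev/null || :

    # Record which bits the filesystem actually accepted before chown.
    had_u=no; [ -u "$f" ] && had_u=yes
    had_g=no; [ -g "$f" ] && had_g=yes

    if ! chown "$target" "$f"; then
        rm -f "$f"
        return 2
    fi

    # Compare against the state after chown; "unset" means the bit could
    # not be set in the first place, so nothing can be concluded for it.
    u=unset; g=unset
    if [ "$had_u" = yes ]; then
        if [ -u "$f" ]; then u=kept; else u=cleared; fi
    fi
    if [ "$had_g" = yes ]; then
        if [ -g "$f" ]; then g=kept; else g=cleared; fi
    fi

    rm -f "$f"
    echo "setuid=$u setgid=$g"
}

# Run the probe when executed directly: sh probe.sh [owner[:group]]
probe_chown_setid "$@"
```

The default run only shows what happens for a chown that leaves the owner unchanged; to reproduce the root-to-another-user case from the thread, run it as root with a target owner.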