RE: "SET UID" not set for oracle executable ?
- From: Stephen.Lee@xxxxxxxx
- To: oracle-l@xxxxxxxxxxxxx
- Date: Thu, 12 Aug 2004 08:24:45 -0500
I'm about 98% sure that the SUID isn't absolutely required just to get a
database running. My memory might be a little foggy here, but I think I
recall that one work around for a security hole that was identified within
the last year, where it was possible to execute the oracle binary with
malicious command line arguments (I don't recall the version or the
platform), was to remove execute for "other" from the oracle binary and
remove the suid.
I wonder if somebody recently did some kind of installation on the box that
changed who the executable file thinks is the official person who should run
things.
> in my case ORACLE executable is owned by DEVDB01:DBA
> and started by the same user
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
Other related posts:
