Re: Using DD to Read Data from Oracle Datafiles
- From: Nuno Souto <dbvision@xxxxxxxxxxxx>
- Date: Fri, 09 Feb 2007 22:21:37 +1100
Kevin Closson wrote,on my timestamp of 9/02/2007 4:34 PM:
Linux tmr6s13 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:56:28 EST 2006 x86_64
x86_64 x86_64 GNU/Linux
[root@tmr6s13 bin]# ls *sh*
ash ash.static bash bsh csh ksh sh tcsh zsh
...ENOENT
ENOENT indeed: it's all by options now. Or a symlink
to a script that uses the options. But it's still there.
And at least in the case of bash, it's configurable on what
can be executed. A much better way I reckon of controlling
all this than elaborate security schemes based on exec
file authorisations, or FGAC, or whatever else db2/ss use?
And I agree 100%: give them "cc" and one might
as well roll out the red carpet and add a band.
The problem of course is still how to prevent an
admin type from doing the same. But that is another
thing altogether.
It's got to do with empowerment. One cannot have admin
positions be menial, offshorable jobs.
Personally, I think that one will never be overcome
other than by registration. IOW, don't hire the dude/ette
off a rack: breed them inhouse or screen them carefully.
It can be done: it's still done everyday in the military.
For a very good reason.
--
Cheers
Nuno Souto
in sunny Sydney
--
//www.freelists.org/webpage/oracle-l
Other related posts:
