Re: setting up a new database - remove any permissions?

  • From: Rich J <rjoralist3@xxxxxxxxxxxxxxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Wed, 10 Aug 2016 08:49:15 -0500

 

On 2016/08/09 18:42, Jeff Chirco wrote: 

Wondering if any of you have basic scripts you run everytime you create a new 
database. What do you configure? Do you remove any permissions from PUBLIC? I 
know I have experimented with removing certain objects from PUBLIC but found 
that it came back to bite me when applying patches and updates. Patches would 
either fail or cause some components to not be valid.

A few years ago, our auditors asked about EXECUTE privs granted on
specific database objects to PUBLIC. Here's what I found (and was/is
hopefully valid for 11gR2!): 

                Object Name
                Category
                Risk Assessment
                Comment

                ORA_MINING_NUMBER_NT
                Collection type
                Low
                No evidence found that a collection type has any security
implications

                ORA_MINING_TABLE_TYPE
                Collection type
                Low
                No evidence found that a collection type has any security
implications

                ORA_MINING_VARCHAR2_NT
                Collection type
                Low
                No evidence found that a collection type has any security
implications

                URITYPE
                Object type
                Low
                Object created with invoker rights

                FTPURITYPE
                Object type
                Low
                Object created with invoker rights

                AQ$_AGENT
                Object type
                Low
                Contains no methods

                AQ$_DEQUEUE_HISTORY
                Object type
                Low
                Contains no methods

                AQ$_HISTORY
                Collection type
                Low
                No evidence found that a collection type has any security
implications

                AQ$_MIDARRAY
                Collection type
                Low
                No evidence found that a collection type has any security
implications

                AQ$_NOTIFY_MSG
                Collection type
                Low
                No evidence found that a collection type has any security
implications

                UTL_BINARYINPUTSTREAM
                Object type
                Low
                Object created with invoker rights

                UTL_BINARYOUTPUTSTREAM
                Object type
                Low
                Object created with invoker rights

                UTL_CHARACTERINPUTSTREAM
                Object type
                Low
                Object created with invoker rights

                UTL_CHARACTEROUTPUTSTREAM
                Object type
                Low
                Object created with invoker rights

                ROW_LCR88_T
                Object type
                Low
                Contains no methods

                XDBURITYPE
                Object type
                Low
                Object created with invoker rights

                XMLBINARYINPUTSTREAM
                Object type
                Low
                Unable to locate any security concerns on this view from Oracle 
Corp,
CIS, SANS, Red Database Security, etc.

                XMLBINARYOUTPUTSTREAM
                Object type
                Low
                Unable to locate any security concerns on this view from Oracle 
Corp,
CIS, SANS, Red Database Security, etc.

                XMLCHARACTERINPUTSTREAM
                Object type
                Low
                Unable to locate any security concerns on this view from Oracle 
Corp,
CIS, SANS, Red Database Security, etc.

I'm no security expert, so feedback from someone who's more
knowledgeable in this area would be a good thing. 

Rich 

Other related posts:

  1. Home
  2. oracle-l
  3. Archive
  4. 08-2016