Brian, And this really a problem that people run into with many of the methods for accessing the OS from within PL/SQL. Great care needs to be taken to ensure damage can't be done. Just like with UTL_FILE and someone simply setting the utl_file_dir parameter to * -- a developer could overwrite and damage *many* things.
I hope you are able to keep things under control and apologize if this has lead to problems. Regards, Larry G. Elkins [EMAIL PROTECTED] 214.954.1781 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian > Wisniewski > Sent: Monday, November 12, 2001 12:32 PM > To: Multiple recipients of list ORACLE-L > Subject: Re: executing unix commands from PL/SQL > > > Larry's link to asktom is where I got started however I made the > mistake of telling the developers about this before I realized the > implications and major security hole. > > This grants tissd privs to execute ksh scripts from within > /gw/prodn/tissd/code/ksh/ > > begin > dbms_java.grant_permission > ('TISSD', > 'java.io.FilePermission', > '/usr/bin/ksh', > 'execute'); > -- > dbms_java.grant_permission > ('TISSD', > 'java.io.FilePermission', > '/gw/prodn/tissd/code/ksh/-', > 'execute'); > -- > dbms_java.grant_permission > ('TISSD', > 'java.lang.RuntimePermission', > '-', > 'writeFileDescriptor'); > -- > end; > / > > Now your favorite developer is pissed about you not giving him dba > privs within the database so he's gonna mess with you by creating the > following shell script within the dir mentioned above. > > #!/usr/bin/ksh > > rm -rf /u01/app/oracle/* > > Now if he tried to execute this from the OS it wouldn't allow him to > remove anything from /u01/ since he's not oracle or part of the dba > group. > > However, he creates a simple java stored proc (see asktom) to call out > to the OS to execute this script. When you call out to the OS from > within java guess who it is executing as ??? That's right - ORACLE! > Hasta la vista database files. I yelled at Oracle about this and they > were going to write up an informational note! This is such a security > hazard, at least within 8.1.7 (I doubt it is changed in 9i), that it > isn't even funny what someone could do. > > Be careful what you grant to whom! > > I think execute on /usr/bin/ls is ok but other than that... > > - Brian -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Larry Elkins INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
