Bingo! Right on the money.
1) Limit java.fileio.FilePermission("execute") to a single non-system
directory.
2) Control the contents of that directory. This *should* be easy -- make
oracle the owner and set security on it to 700.
Now where's the hassle in that? :)
Rich
Rich Jesse System/Database Administrator
[EMAIL PROTECTED] Quad/Tech Inc, Sussex, WI USA
-----Original Message-----
Sent: Thursday, December 04, 2003 12:39 PM
To: Multiple recipients of list ORACLE-L
Will it catch the following command apart from "rm -rf"?
find /var/opt/oracle/logs -mtime +1 -type f -name "*.trc"|perl -nle unlink
Probably not ... and that's why it is dangerous ... basically you should
have a set of fixed programs that can be called and accept only arguments
from calling programs. That will give at least more control.
Raj
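
The two steps in the reply (one execute-only directory, owned by a single account with mode 700) and the "fixed programs that accept only arguments" advice can be sketched on the OS side as follows. This is an added example, not part of the original thread; it does not configure the Java permission itself, and `EXEC_DIR`, its default path and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. EXEC_DIR and both function names are
# assumptions; point EXEC_DIR at the one directory granted "execute".
EXEC_DIR="${EXEC_DIR:-/opt/oracle/fixed_bin}"   # hypothetical path

# Succeeds only if $1 is a real directory (not a symlink), owned by the
# calling user, with mode exactly 700 (drwx------).
dir_is_locked_down() {
    d=$1
    [ -d "$d" ] && [ ! -L "$d" ] || return 1
    mode=$(ls -ldn "$d" | cut -c1-10)
    owner=$(ls -ldn "$d" | awk '{print $3}')
    [ "$mode" = "drwx------" ] && [ "$owner" = "$(id -u)" ]
}

# run_fixed PROGRAM [ARG...]
# Runs PROGRAM only if it is a plain file directly inside EXEC_DIR.
# Arguments go to the program as argv entries; nothing is handed to a shell,
# so "|", ";" and "$(...)" inside an argument stay literal text.
# Return codes: 2 bad name, 3 directory not locked down, 4 not a fixed program.
run_fixed() {
    prog=$1
    [ "$#" -gt 0 ] && shift
    case $prog in
        ''|*/*|.*)
            echo "run_fixed: rejected program name '$prog'" >&2
            return 2 ;;
    esac
    if ! dir_is_locked_down "$EXEC_DIR"; then
        echo "run_fixed: $EXEC_DIR must be owned by the caller, mode 700" >&2
        return 3
    fi
    target=$EXEC_DIR/$prog
    if [ ! -f "$target" ] || [ -L "$target" ] || [ ! -x "$target" ]; then
        echo "run_fixed: '$prog' is not a program in $EXEC_DIR" >&2
        return 4
    fi
    "$target" "$@"
}
```

Run as the account that owns the directory, a call such as `run_fixed purge_traces 1` (a hypothetical fixed program) executes only that file, and a pipeline passed as an argument reaches it as a single string.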
Author: Jesse, Rich