Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Question Re CIS Guidelines (cache freed on Oracle shutdown)

RE: Question Re CIS Guidelines (cache freed on Oracle shutdown)

From: Mark W. Farnham <mwf_at_rsiz.com>
Date: Fri, 26 Oct 2007 14:21:22 -0400
Message-ID: <01b301c817fd$059d9fc0$1100a8c0@rsiz.com> 





Depending on the OS, when Oracle is shut down, it might be possible to start
a program with no particular priviledges and gain access to memory that has
not been zeroed out that is no longer allocated with restriction to root or
oracle owner access. Your mileage may vary. For a given operating system you
can make a controlled test with a program that attaches all free memory (or
at least something you know was previously populated) and which
intentionally does not zero things out itself and scan through to see if the
OS zeroes things for you.

 



This is, of course, when Oracle is shut down, as you mentioned in the 6.02
reference line. Being able to look into the Oracle cache areas without
oracle user owner or root access should not be possible while Oracle is
running, as Tim wrote, or else you've got yourself a whole 'nother world of
hurt.

 



But for various OS implementations freed cache laying around after Oracle is
shut down *may* be an issue of concern.

 



Regards,

 



mwf

 






From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org]
On Behalf Of Tim Gorman


Sent: Thursday, October 25, 2007 3:09 AM
To: jheinrichdba_at_gmail.com


Cc: oracle-l


Subject: Re: Question Re CIS Guidelines

 



Assuming UNIX variants...



Accessing shared memory (where the Oracle SGA resides in UNIX) after
database shutdown requires "root" privileges in order to read from
"/dev/mem" (or the equivalent on your OS-variant), which is the only way to
access regions of memory outside of the APIs provided via the systems calls
for shared memory (i.e. shmctl, shmat, etc) or heap/data memory allocation
within an image (i.e. brk, sbrk, etc).  That's what an API is designed to do


-- provide controlled access to privileged services outside of a privileged

account.



The upshot is that the "root" account must be compromised in order for the
quote "Information in caches may be accessed outside of Oracle and beyond
the control of the security parameters" to be true.  And if that becomes
true, then the accessing of memory caches potentially "left behind" by
Oracle are the absolute least of your concerns... ;-)



Perhaps the guideline is thinking of some other form of "caching", such as
"temporary files" or caching performed into files, not necessarily by the
RDBMS?  Perhaps by the app-server?  Web-server?





Jason Heinrich wrote: 



I'm working on implementing the CIS guidelines for Oracle 10g in a database,
and I'm a bit confused over one of them:



6.02 Cache -- Cache must be emptied at shut down of Oracle.
"Information in caches may be accessed outside of Oracle and beyond the
control of the security parameters." 



First of all, they don't mention which caches need to be emptied at shutdown


-- I'm assuming the buffer cache and the shared pool.  Second, how could

information in the cache be accessed after the instance is shut down?  Does
the data still exist in memory until overwritten?  If so, then I guess
someone with the right utility could read those memory addresses and the OS
wouldn't prevent them because the addresses no longer belonged to a process?




-- 



Jason Heinrich


Oracle Developer/DBA 





--
http://www.freelists.org/webpage/oracle-l


Received on Fri Oct 26 2007 - 13:21:22 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US