Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Question about EXTPROC and vulnerability

Question about EXTPROC and vulnerability

From: Hemant K Chitale <hkchital_at_singnet.com.sg>
Date: Fri, 25 Jul 2003 22:40:57 +0800
Message-Id: <26013.339618@fatcity.com> 





Oracle's Security Alert #29  [Note 175429.1] on the EXTPROC recommends the 
workaround to disable


EXTPROC as


    
  
  1.   Removing the entry for extproc/PLSExtproc/icache_extproc from the 
listener.ora
  
  2.   Removing the entry from the tnsnames.ora
  
  3.   Renaming or removing the extproc executable






Why should all three actions be necessary ?  Why not just removing the 
entry from the


listener.ora ?  Can extproc be called without the listener configured ?



Security Alert #57 just talks of the CREATE LIBRARY privilege and makes no 
mention of


updating the listener.ora or tnsnames.ora or removing/renaming the extproc 
executable.  Why ?


Is it that Oracle wants people to use EXTPROC [or makes use of EXTPROC 
itself] so it


does not specify how EXTPROC can be disabled ?




Hemant K Chitale


Oracle 9i Database Administrator Certified Professional
My personal web site is :  http://hkchital.tripod.com
Received on Fri Jul 25 2003 - 09:40:57 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US