RE: Java Permissions Oracle 10 : updated

Actually I have discovered that permissions were only part of the issue. The other problem is that when I run a script I have to make sure that I always specifiy the #! line at the top of each script e.g.#!/bin/ksh and also explicitly define the PATH in the scripts.

I did not need to do this when I was running scripts via the external procedure listener.

  -----Original Message-----
  From: Stefan Knecht [mailto:knecht.stefan_at_gmail.com]   Sent: 22 August 2006 11:50
  To: niall.litchfield_at_gmail.com
  Cc: jdunn_at_sefas.com; oracle-l
  Subject: Re: Java Permissions Oracle 10 : updated

  Actually it's not that bad... JVM is very specific about what it allows - it implements a default policy of "deny everything unless specifically allowed".
  If you grant execute (or write, for that matter) to specific application executables only, there's not much that can go wrong, as no shell is spawned, and therefore no shell processing (like "/my/good/bin && /my/bad/bin") can be done.

  the one thing you never want to do is grant execute on a shell, though :-)

  Stefan

  On 8/22/06, Niall Litchfield < niall.litchfield_at_gmail.com> wrote:     You might want to think rather carefully about the security implications of this particular function

    select function_run_os_command('rm -rf *') from dual;

    might be somewhat interesting....

    On 8/22/06, John Dunn <jdunn_at_sefas.com> wrote:

> Can anyone please assist me with java permissions when running a
java

> function in Oracle 10 on linux?
>

    --
    Niall Litchfield
    Oracle DBA
    http://www.orawin.info

--
http://www.freelists.org/webpage/oracle-l