Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Project lockdown - opinion solicitation

Re: Project lockdown - opinion solicitation

From: joel garry <joel-garry_at_home.com>
Date: Fri, 24 Aug 2007 14:33:28 -0700
Message-ID: <1187991208.333096.104010@l22g2000prc.googlegroups.com> 





On Aug 24, 10:31 am, EdStevens <quetico_..._at_yahoo.com> wrote:


> On advice last week, I have downloaded the "Project Lockdown" document

> and begun reviewing it.  I get a very uneasy feeling about his

> suggestion to remove the SUID bit from the Oracle executables.

> Searching through this ng I find a lot of issues stemming from not

> leaving the file permissions just as they are created when following

> installation instructions to the letter.

>

> It seems to me this could cause a lot of nagging problems.  It also

> seems that if your ORACLE_HOME is on a box where issuance of os user

> accounts is limited to DBAs and SAs the ability to exploit the SUID

> would be extremely limited.

>

> Am I missing something?




All the third party software I've worked on for the last dozen or so
years has required other user accounts.  They've also violated basic
security concepts in order to run (at least, without lots of nagging
problems).  It's not you that is missing something.



jg

--
@home.com is bogus.
http://www.galactic-guide.com/articles/8U20.html


Received on Fri Aug 24 2007 - 16:33:28 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US