Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
(Message started by: Pete Finnigan on Aug 10th, 2006, 5:16am)

Title: Oracle Binary Permission ?
Post by Pete Finnigan on Aug 10th, 2006, 5:16am
Hello everyone,

I have a question about "Oracle Binary Permission" after reading "Project Lockdown" by Arup Nanda.

-------------------
Extract from Arup Nanda
-------------------
This is a major change and it's important that you understand its impact. When a user (not the Oracle Software owner) on the server tries to connect a local connection, the executable "oracle" is run on his behalf as if the user "orasoft" is running it. This is important; because the server process will open the data files (owned by "orasoft"), it must either run as "orasoft" or the user must have permissions to open the data files.
------------------------


Is the code below what the above statement means?

Code:
[root@LINUX ~]# useradd -p vpv vpv  
[root@LINUX ~]# cp /home/oracle/.bash_profile /home/vpv/
cp: overwrite `/home/vpv/.bash_profile'? y
[root@LINUX ~]# su - vpv

[vpv@LINUX ~]$ source .bash_profile
[vpv@LINUX ~]$ echo $ORACLE_HOME
/opt/app/oracle/product/9.2.0

[vpv@LINUX ~]$ sqlplus "/ as sysdba"

SQL*Plus: Release 9.2.0.6.0 - Production on Thu Aug 10 10:46:04 2006

Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.

ERROR:
ORA-01031: insufficient privileges

[vpv@LINUX ~]$ su -
Password:
[root@LINUX ~]# usermod -G dba vpv
[root@LINUX ~]# su - vpv

[vpv@LINUX ~]$ id
uid=503(vpv) gid=505(vpv) groups=502(dba),505(vpv) context=user_u:system_r:unconfined_t

[vpv@LINUX ~]$ sqlplus "/ as sysdba"

SQL*Plus: Release 9.2.0.6.0 - Production on Thu Aug 10 10:56:02 2006

Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.


Connected to:
Oracle9i Enterprise Edition Release 9.2.0.6.0 - Production
With the Partitioning option
JServer Release 9.2.0.6.0 - Production

SQL> exit
Disconnected from Oracle9i Enterprise Edition Release 9.2.0.6.0 - Production
With the Partitioning option
JServer Release 9.2.0.6.0 - Production
[vpv@LINUX~]$ su - oracle
Password:

[oracle@LINUX~]$ ls -lt /opt/app/oracle/product/9.2.0/bin/oracle
-rwsr-s--x  1 oracle oinstall 48848412 Apr  7 21:35 /opt/app/oracle/product/9.2.0/bin/oracle

[oracle@LINUX~]$ chmod 0700 $ORACLE_HOME/bin/oracle          

[oracle@LINUX~]$ ls -lt /opt/app/oracle/product/9.2.0/bin/oracle
-rwx------  1 oracle oinstall 48848412 Apr  7 21:35 /opt/app/oracle/product/9.2.0/bin/oracle

[oracle@LINUX~]$ su - vpv
Password:
[vpv@LINUX~]$ sqlplus "/ as sysdba"

SQL*Plus: Release 9.2.0.6.0 - Production on Thu Aug 10 11:21:38 2006

Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.

ERROR:
ORA-12546: TNS:permission denied


I'm not sure the above code is proof of the vulnerability.

Could you show me an example of the vulnerability when we enable the SUID bit?

Any help would be greatly appreciated.

Thank you,

VPV.
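
The two permission states in the session above (-rwsr-s--x as installed, -rwx------ after chmod 0700) can be told apart with a small audit check. This is an added example, not part of the original post; the function names has_perm, classify_binary and demo are hypothetical, and the demo files are constructed stand-ins rather than a real Oracle binary.

```sh
#!/bin/sh
# Added example (not from the thread): classify who can run a server
# executable and whether it runs under its owner's uid.

# has_perm FILE OCTAL: true when every bit in OCTAL is set on FILE.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# classify_binary FILE prints one label:
#   setuid-any-user    setuid + world-execute, the -rwsr-s--x state in the
#                      thread: any local user starts it as the file owner
#   setuid-restricted  setuid, but not executable by "other"
#   owner-only         no setuid, no group/other execute, the -rwx------
#                      state in which user vpv received ORA-12546
#   no-setuid-shared   others may run it, but under their own uid
classify_binary() {
    [ -f "$1" ] || { echo "missing"; return 1; }
    if has_perm "$1" 4000; then
        if has_perm "$1" 0001; then echo "setuid-any-user"
        else echo "setuid-restricted"; fi
    elif has_perm "$1" 0001 || has_perm "$1" 0010; then
        echo "no-setuid-shared"
    else
        echo "owner-only"
    fi
}

# demo: constructed stand-in files carrying the two modes shown in the thread.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/before"; chmod 6751 "$d/before"   # mode as installed
    : > "$d/after";  chmod 0700 "$d/after"    # mode after chmod 0700
    echo "$(classify_binary "$d/before") $(classify_binary "$d/after")"
    rm -rf "$d"
}

# With a path argument, classify that file; with none, run the demo.
if [ $# -gt 0 ]; then classify_binary "$1"; else demo; fi
```

Run it as the software owner against "$ORACLE_HOME/bin/oracle" to see which state the binary is in before and after a permission change.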

Title: Re: Oracle Binary Permission ?
Post by Pete Finnigan on Aug 20th, 2006, 9:23am
Hello all,

Could you comment upon this thread? Please tell me if you need any more information about this.

Thank you.



