On Wed, 5 May 1999, Chris Hallenbeck wrote: > On Tue, 4 May 1999, Kis-Szabo Andras wrote: > > > Oracle8i 8.1.5 Solaris 7 > > -rwsr-s--x 1 root dba 1402152 May 3 01:08 > /oracle/bin/oratclsh > > > > After the install. This version never run here before. > > Solaris 2.6 with Oracle8.0.5 ...installed by the userid "oracle", hence > we have: > -rwsr-s--x 1 oracle dba 1492432 Jan 7 08:19 oratclsh > > Solution? Try running the majority of the install as the "oracle" user. > > Comments? > > HTH! > > -Chris Hallenbeck The root setuid gets set when you run the post-install root.sh as root (per the install instructions). If you don't run root.sh as root (directly after the Intelligent Agent install - remember Oracle creates a new root.sh with every install) then the file will be owned by the installer ID (typically oracle). I would suggest that setuid oracle on that file is bad enough. The simple exploit will then get you oracle:dba privs instead of root, but that would be enough to have full control of the database. Oracle's recommended fix of removing the setuid bit would still apply. John Ritchie Oregon University System
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:45:10 PDT