dbms_sheduler jobs
I read in blog from Pete Finnigan about the potential security hole in DBMS_SCHEDULER package.
DBMS_SCHEDULER as a new alternative for DBMS_JOB by Patrick Sinke
Note that on some OS, like AIX5L / oracle 10.2.0.2, the job runs as ORACLE, not as NOBODY
DBMS_SCHEDULER as a new alternative for DBMS_JOB by Patrick Sinke
Note that on some OS, like AIX5L / oracle 10.2.0.2, the job runs as ORACLE, not as NOBODY
Posted by Laurent Schneider at 4/21/2006 02:03:00 PM
Permalink : dbms_sheduler jobs
Post to :
del.icio.us -
furl -
digg -
reddit -
co.mments
1 Comments:
but it does not run binaries, just interpreted shell scripts, so if you do not access to the system, you probably will not find a script to harm... you cannot run something like rm or mkdir
Post a Comment
<< Home