Re: Running listener as nobody

Christopher Caldwell
Honored Contributor

Re: Running listener as nobody

With the "nobody" security model, we're not securing for vulnerabilities we know about, we're securing for vulnerabilities we don't know about. We're saying "assume a network facing application - e.g. httpd or tnslsnr gets compromised -- what can happen?"

The answer is, it depends largely on the privs the "compromised" service has. Compromise something as root, you've got root privs; compromise something as oracle, you've got oracle privs; compromise something as a user who doesn't own anything on the system, you've got the privs to execute world-execute commands.

These compromises are very real. In the compromises I've witnessed, the compromise used the elevated privileges to set up a service (e.g. sh) on another unsecured port.

Folks write "scripts" to automatically compromise the system and set up the services (i.e. given that you have the script, you don't have to know what you're doing).

If the user is in as oracle access, minimally, the user can rm the database files.


Steven E. Protter
Exalted Contributor

Re: Running listener as nobody

U.SivaKumar,

I respectfully disagree with your opinion. Both concerning the security matter and the appropriateness of my post.

We are current with Oracle server patches, are running Oracle Server with the listener running as the Oracle user.

If Oracle says we should go to user nobody and provides a procedure, we'll do it.

I never underestimate security consultants or the power of hackers. I am carefully following this thread because I don't have the chutzpah to believe that I could not be wrong. I've had two security audits here by large firms. We spent a great deal of time looking at Oracle security, so I don't speak from a position of ignorance. At least not total ignorance :-)

I have a very experienced dba with whom I consulted prior to making my post.

I could be wrong, and will upon reading convincing information admit such.

If I have offended either party, I offer humble apologies.

Tim, thread author: Please keep the information coming, if you get a valid procedure on this, I'd like to have it, because I'm open minded and intellectually interested. Again if insulted, deepest apologies.

Here is a quote from metalink forums on the subject:

Running Listener as nobody

I am wondering if running the listener as nobody is an option?
By doing so we limit the effects of the Net8 security BOF and others
should they arise.

I am not sure exactly how to do this, but is it feasible?

-- Donnie

--------------------------------------------------------------------------------

From: Oracle, Kathy Ting 09-Jul-01 22:18
Subject: Re : Running Listener as nobody



No. The Listener can not be run as nobody.

The Listener's ability to receive incoming client connection requests and manage the traffic of these requests to the server will be hindered.

Thank you for using the MetaLink Forum,
Kathy
Oracle Support.

So Am I totally off base here?


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Running listener as nobody

I would say based on the response of Oracle support that you should not follow that particular recommendation from the auditors.

I have enough going with Oracle right now and am not going to write a tar to get verification for an itrc thread. That would probably be stretching my oracle support agreement a bit.

I do understand and acknowledge the security concerns that require applications such as squid and apache to be run by users other than the application owner.

Doesn't seem like that's going to work here.

Smiles and happiness and most of all great success.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Tim Medford
Valued Contributor

Re: Running listener as nobody

Thanks everyone for all the information.

The auditor was quoting some recommendations from a book authored by Dave Litchfield. He also has a web site www.nextgenss.com.

Part of the issue in our environment was that we had not shut off the administrative privileges within the listener.ora file (ADMIN_RESTRICTIONS_listener_name=ON). This fact, coupled with the fact that the listener runs as oracle, would allow a hacker to gain control of the system with the same authorities as the oracle account. See this document: http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf

Steven - You are correct, I have never seen and cannot find a specific recommendation from Oracle Corp. which suggests running the listener as "nobody". However there are credible people out there who recommend doing it as a precaution. These recommendations come from people such as Dave Litchfield and Thomas Kyte. If we had configured the listener.ora correctly to restrict admin privileges this would not have been as big a hole as it was.

At this point I guess it's a judgment call whether to believe Oracle or a number of security consultants.

On a test machine we're going to set up an account similar to nobody but with a proper $PATH and other necessary environment variables and see how well it works with the listener. I will post the results on this thread.

Thanks,
Tim
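Tim's post above turns on the one listener.ora setting the thread treats as decisive: ADMIN_RESTRICTIONS_listener_name=ON for every listener defined in the file. The script below is an added example written for this thread, not code from any poster, from Oracle or from HP; it audits a listener.ora for that setting so an auditor's finding can be reproduced before a change is made. The listener.ora content, listener names, host name and ORACLE_HOME path are all constructed sample data, and the script assumes the usual layout of the file (top-level `NAME =` entries, with SID_LIST_NAME entries describing services rather than listeners).

```shell
#!/bin/sh
# Added example for this thread (not the project's or any poster's code):
# audit a listener.ora for ADMIN_RESTRICTIONS_<listener>=ON.
# Everything written into the sample file below is constructed data.

# list_listeners FILE
# Prints the listener names defined at top level in FILE. A listener
# entry is "NAME =" followed by nothing or by "(" on the same line;
# SID_LIST_* entries describe services, not listeners, so they are skipped.
list_listeners() {
    awk '
      /^[A-Za-z][A-Za-z0-9_]*[ \t]*=/ {
        name = $0; sub(/[ \t]*=.*/, "", name)
        rest = $0; sub(/^[^=]*=[ \t]*/, "", rest)
        if (name !~ /^SID_LIST_/ && (rest == "" || substr(rest, 1, 1) == "("))
            print name
      }' "$1"
}

# admin_restrictions_state FILE NAME
# Prints ON, OFF, or UNSET for ADMIN_RESTRICTIONS_NAME in FILE
# (the last assignment wins, mirroring a file read top to bottom).
admin_restrictions_state() {
    val=$(sed -n -E "s/^ADMIN_RESTRICTIONS_$2[[:space:]]*=[[:space:]]*([A-Za-z]+).*/\1/p" "$1" \
          | tail -n 1)
    if [ -z "$val" ]; then
        echo UNSET
    else
        echo "$val" | tr '[:lower:]' '[:upper:]'
    fi
}

# audit_listener_file FILE
# Prints "NAME STATE" per listener; returns 1 if any listener is not ON.
audit_listener_file() {
    rc=0
    for name in $(list_listeners "$1"); do
        state=$(admin_restrictions_state "$1" "$name")
        echo "$name $state"
        [ "$state" = "ON" ] || rc=1
    done
    return $rc
}

# Constructed sample listener.ora: LISTENER is restricted, LISTENER_TEST is not.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample listener.ora (not from the thread or any real system)
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521))
    )
  )

SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC = (SID_NAME = ORCL)(ORACLE_HOME = /u01/app/oracle/product/9.2.0))
  )

LISTENER_TEST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1522))
  )

ADMIN_RESTRICTIONS_LISTENER = ON
EOF

if audit_listener_file "$SAMPLE"; then
    echo "all listeners have ADMIN_RESTRICTIONS=ON"
else
    echo "at least one listener lacks ADMIN_RESTRICTIONS=ON"
fi
```

Run against a real file by replacing `$SAMPLE` with `$ORACLE_HOME/network/admin/listener.ora`; the second listener in the sample is the case Tim describes, a listener that accepts remote administration while running as the oracle account, and it is reported as UNSET. Note that ADMIN_RESTRICTIONS limits what the listener accepts over the network; it does not change which account the tnslsnr process runs as, which is the separate question the rest of the thread is about.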
Steven E. Protter
Exalted Contributor

Re: Running listener as nobody

No points please.

I withdraw my comments about your auditors and apologize to everyone who read it.

My conclusion without the stupid emotion was not unreasonable based on the facts at hand. Thanks for the new information, I found the documentation and website very informative.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Tim Medford
Valued Contributor

Re: Running listener as nobody

No worries Steven! I was looking for a number of opinions and that's exactly what I got.

If you ask me, auditors are in general a pain in the neck. But I guess they do force you to look at things you might otherwise miss.

On the final audit tally, I would say there was at least 1 bogus recommendation for each valid one. The trick is figuring out which ones are which!

Thanks again for the comments and keep them coming. This is what makes the forums work.

Tim