Showing results for 
Search instead for 
Did you mean: 

Enhanced Security - segment sharing

Go to solution
Sally Devine
Frequent Advisor

Enhanced Security - segment sharing

Hi all,
I have read in quite a few places (including Compaq) that "best practice" when setting up enhanced security is to disable segment sharing. We are about to turn on enhanced security for many of our existing systems. Does anyone know if disabling segment sharing will affect the existing oracle SGAs?
Thank you,
Ann Majeske
Honored Contributor

Re: Enhanced Security - segment sharing

Hi Sally,

It depends on what you mean by "best Practice". If your management is requiring a specific level of security (i.e. C2) or a configuration that has been evaluated to a specific security criteria (i.e. ITSEC or Common Criteria) then you would have to disable segment sharing to meet your managment's requirements. Other than for meeting these specific requirements, I don't see a great benefit in disabling segment sharing. It only protects you from having shared libraries share text areas. It doesn't seem to me that this would be a likely area of attack on Tru64 systems.

Disabling segment sharing requires your system to reserve a separate text area for each user that accesses a specified shared library. So, it doesn't appear to me that it would affect the operation of any layered product unless they depended on sharing the text area. But, it could have a large impact on memory usage on the system. From the V5.1A Security manual, section 7.2: "Note: Disabling segment sharing can cause excessive memory use."

I personally wouldn't disable segment sharing unless I had to.