
Re: Perl Setuid - Oracle Password Hardcoding

by JavaFan (Canon)
on Nov 16, 2011 at 07:25 UTC

in reply to Perl Setuid - Oracle Password Hardcoding

sudo was developed more than 3 decades ago to solve problems like that.

Learn it. Use it.

And for more information about your non-Perl question, try a Unix forum.

Re^2: Perl Setuid - Oracle Password Hardcoding
by zekeb (Initiate) on Nov 17, 2011 at 00:15 UTC
    It sounds like the dbas don't want the developer to know the password to Oracle. If they run the script with sudo or setuid or whatever, what would prevent them from just having the code print out the password that was read from the file?
      Considering that the OP is talking about an application server, it looks to me like this is a standard production security policy, not something to pester developers with. It's not a measure to defend against internal attacks*, but to prevent escalation after an intrusion. Of course, the script should be non-modifiable.

      *Although with some effort, it can help to protect against insiders wearing a black hat.

      True. However, we will not have access to the scripts on the production servers. They are rolled out using SVN.

Re^2: Perl Setuid - Oracle Password Hardcoding
by afoken (Abbot) on Nov 19, 2011 at 08:44 UTC

    Two hints:

    1. Given sufficient permissions in /etc/sudoers, the command /usr/bin/sudo -u foo /usr/bin/cat /home/foo/bar.txt runs cat as user foo and writes the contents of /home/foo/bar.txt to STDOUT.
    2. In Perl, $text=`/usr/games/fortune -a`; runs /usr/games/fortune -a and collects all text written to STDOUT in $text. See Safe Pipe Opens for a more robust variant.


    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
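
The two hints above combined, as an added example that is not part of the original post: it reads the file through sudo with the list-form pipe open described in the Safe Pipe Opens section of perlipc instead of backticks. The sudoers rule in the comment, the account name `appuser`, and the use of sudo's `-n` option are assumptions; the paths and the user `foo` are the ones from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed sudoers rule (the account name "appuser" is hypothetical):
#   appuser ALL=(foo) NOPASSWD: /usr/bin/cat /home/foo/bar.txt

# Read a file as another user through sudo, without involving a shell.
sub read_as_user {
    my ($user, $file) = @_;

    # Fixed PATH for the child process, restored when the sub returns.
    local $ENV{PATH} = '/usr/bin:/bin';

    # List-form pipe open: the arguments go straight to exec(), so shell
    # metacharacters in $user or $file are never interpreted.
    # -n makes sudo fail instead of prompting when no rule matches.
    my @cmd = ('/usr/bin/sudo', '-n', '-u', $user, '--', '/usr/bin/cat', $file);
    open(my $fh, '-|', @cmd) or die "cannot start sudo: $!\n";

    # Slurp everything the child writes to STDOUT.
    my $text = do { local $/; <$fh> };

    # close() on a pipe waits for the child and sets $?.
    close($fh) or die "sudo/cat failed, exit status " . ($? >> 8) . "\n";
    return $text;
}

my $secret = read_as_user('foo', '/home/foo/bar.txt');
chomp $secret;

# Hand $secret to the database connect call; never print or log it.
printf "read %d bytes\n", length $secret;
```

The rule lets the calling account read exactly one file as `foo`, so any process running as that account can obtain the contents. It narrows which accounts can reach the password; it does not hide the password from code that runs under the rule.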
