Sorry for disturbance on thanks giving but my problem is critical i have to implement this on coming MONDAYĮxec rc('c:\windows\ /c dir') PL/SQL procedure successfully exec rc('/usr/bin/ps -ef') įrom the Java Developers Guide, Part No. To make this callable as a procedure (ignoring the return code), we'll create a create or replace procedure RC(p_cmd in varchar2)Īnd now to run set serveroutput on size exec dbms_t_output(1000000) Now, RT_TEST would create in its create or replace and compileġ0 public static int RunThis(String args)Ģ1 new BufferedInputStream(p.getInputStream(), bufSize) Ģ5 // Echo back what the program spit outĢ6 while ((len = bis.read(buffer, 0, bufSize)) != -1)Ģ function RUN_CMD( p_cmd in varchar2) return numberĥ name 'Util.RunThis() return integer' ![]() We could have allowed it to execute /usr/bin/* or * or whatever - I'm just letting it execute that one program. ![]() That allows our user RT_TEST to successfully execute that program. As SYS or some appropriately priveleged user, we will begin ![]() ![]() I'm going to grant as little as I have to get allow us to execute the program /usr/bin/ps. 8.1.6 added lots of new security features so this would be a little different in 8.1.5 but mostly the same.
0 Comments
Leave a Reply. |