The DBMS software libraries contain the executables used by the DBMS to operate. Unauthorized access to the libraries can result in malicious alteration or planting of operational executables. This may in turn jeopardize data stored in the DBMS and/or operation of the host system.
For UNIX Systems: Set the umask of the Oracle software owner account to 022. Determine the shell being used for the Oracle software owner account: env | grep -i shell Startup files for each shell are as follows (located in users $HOME directory): C-Shell (CSH) = .cshrc Bourne Shell (SH) = .profile Korn Shell (KSH) = .kshrc TC Shell (TCS) = .tcshrc BASH Shell = .bash_profile or .bashrc Edit the shell startup file for the account and add or modify the line: umask 022 Log off and login, then enter the umask command to confirm the setting. NOTE: To effect this change for all Oracle processes, a reboot of the DBMS server may be required. For Windows Systems: Product-specific fix is pending development. Use Generic Fix listed below: Restrict access to the DBMS software libraries to the fewest accounts that clearly require access based on job function. Document authorized access control and justify any access grants that do not fall under DBA, DBMS process, ownership, or SA accounts.