O121-C2-011810 - Access to external executables must be disabled or restricted - 'run_user=nobody'
The Oracle external procedure capability provides use of the Oracle process account outside the operation of the DBMS process. You can use it to submit and execute applications stored externally from the database under operating system controls. The external procedure process is the subject of frequent and successful attacks as it allows unauthenticated use of the Oracle process account on the operating system. As of Oracle version 11.1, the external procedure agent may be run directly from the database and not require use of the Oracle listener. This reduces the risk of unauthorized access to the procedure from outside of the database process.
If use of the external procedure agent is required, then authorize and document the requirement in the System Security Plan. If the external procedure agent must be accessible to the Oracle listener, then specify this and authorize it in the System Security Plan. If use of the Oracle External Procedure agent is not required: - Stop the Oracle Listener process - Remove all references to extproc in the listener.ora and tnsnames.ora files - Alter the permissions on the executable files: UNIX - Remove read/write/execute permissions from owner, group and world Windows - Remove Groups/Users from the executable (except groups SYSTEM and ADMINISTRATORS) and allow READ [only] for SYSTEM and ADMINISTRATORS groups If required: - Restrict extproc execution to only authorized applications. - Specify EXTPROC_DLLS=ONLY: [list of authorized DLLS] in the extproc.ora and the listener.ora files - Create a separate, dedicated listener for use by the external procedure agent See the Oracle Net Services Administrators Guides, External Procedures section for detailed configuration information.