Home » RDBMS Server » Security » Security - Public Objects
Security - Public Objects [message #50210] Wed, 06 March 2002 04:51 Go to next message
Robson Freitas
Messages: 1
Registered: March 2002
Junior Member
Hi all,

In my current assignment of Oracle security review, I have noticed that the following tables owned by 'SYS' had 'execute' privilege granted to 'PUBLIC' . This privilege has been granted to the 'public' by default, when Oracle is installed, as I understand. I would like to know, if a general user in the database can make an undue use of this privilege. I would appreciate any one in this list, who had a chance to review this earlier, offer me some info on this.

Thanks and Regards.
Re: Security - Public Objects [message #50236 is a reply to message #50210] Wed, 06 March 2002 16:13 Go to previous message
seng
Messages: 191
Registered: February 2002
Senior Member
1. I don't whether "EXECUTE" privilege is granted to "PUBLIC" after installation. It is trues as you mention that any privileges grant to "PUBLIC" will automatic grant to all user in database.

However, "EXECUTE" must grant with schema object before the user is allowed to use this privilege. To check the "EXECUTE" . To check the privileges, you can use this

DBA level

select * from dba_tab_privs where privilege = 'EXECUTE'and grantee ='PUBLIC'

ALL level

select * from all_tab_privs where privilege = 'EXECUTE' and grantee ='PUBLIC'

User level

select * from user_tab_privs where privilege = 'EXECUTE'and grantee ='PUBLIC'

The return of this query will tell you "EXECUTE" is
on which object by who and to who.

2. If "EXECUTE ANY PROCEDURE" is granted to "PUBLIC" than you will have security problem because any user is allowed to execute any object.

3. Use "REVOKE" to ungrant the privilege to "PUBLIC" if you find the security leaking in your database.

Hope this is helping. thanks
Previous Topic: how to setup audit trail
Next Topic: Grant
Goto Forum:
  


Current Time: Thu Mar 28 18:14:45 CDT 2024