
For security reasons I asked the DB team to add EXTPROC_DLLS:ONLY, but they said this:

"Please be informed that the KEY = EXTPROC1526 doesn't refer to any external process at all. This is just a key used by any process that needs to call Oraxxx via the IPC protocol. The key can be any value, and the same key value should be passed via the tnsnames.ora."

To me, it seems wrong. Could you please help me with this? What is the exact use of EXTPROC, and what happens if we don't add EXTPROC_DLLS:ONLY?

Moudiz
Ace

2 Answers


For any program to connect to the Oracle database you need the Extproc agent.

PL/SQL, for example, needs Extproc to work with Oracle.

You can find more information about the security here.
I'll paste some of the link:

Description
***********
The Oracle database server supports PL/SQL, a programming language. PL/SQL can execute external procedures via extproc. Over the past few years there have been a number of vulnerabilities in this area.

Extproc is intended only to accept requests from the Oracle database server but local users can still execute commands bypassing this restriction.

Details
*******
No authentication takes place when extproc is asked to load a library and execute a function. This allows local users to run commands as the Oracle user (Oracle on unix and system on Windows). If configured properly, under 10g, extproc runs as nobody on *nix systems so the risk posed here is minimal but still present. 

And an example here.

Moudiz
  • So, please correct me: for example, I have my program running on the same machine as the DB. Instead of TCP, I use IPC. Therefore, the database will branch a new procedure for my program, "extproc", and my program connects to that procedure, which works as the DBMS. – Ace May 14 '15 at 14:15
  • @Ace maybe it can do that; I can't be sure what your program does. Below, ibre explained when extproc is used. – Moudiz May 14 '15 at 15:46

Contrary to other databases, Oracle does NOT allow plugins to access its own memory address space. In the case of MySQL/PostgreSQL, a .dll plugin (C stored procedure) is loaded by the main database process.

Oracle lets the listener spawn a new process by calling extproc (or extproc32). This process loads the shared library, and the rest of the database talks to this process via IPC.

This approach is safer, because the external library cannot crash the database or corrupt data. On the other hand, sometimes C stored procedures might be slower than Java ones.

This option can restrict the path for .dlls being loaded by extproc, i.e. those created by the CREATE LIBRARY statement.

PS: usage of C stored procedures is VERY rare; if you do not use them, you can freely remove the whole extproc stanza from listener.ora.

PS1: there is a possible scenario of exploiting the extproc feature.

  • User must have CREATE LIBRARY, which is usually NOT granted
  • extproc is not configured to run with nobody's privileges, but runs as oracle:dba
  • User creates a malicious .so library, which performs something "evil" during its initialization.
  • User puts this lib into the /tmp directory
  • User creates an Oracle LIBRARY pointing into /tmp by using the CREATE LIBRARY statement
  • User forces extproc to dlopen this library
  • extproc will execute the evil code with OS privileges oracle:dba

When using this EXTPROC_DLLS:ONLY restriction, developers have to cooperate with DBAs, and only white-listed libraries can be used and loaded.

ibre5041
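As an added example (not from the question or either answer), here is a small Python checker that parses the SID_DESC entries of a listener.ora and reports, for each extproc agent, whether EXTPROC_DLLS pins it to an ONLY: allow-list as the answer above recommends. The sample listener.ora, its SID names and the library paths are constructed placeholders; the ENVS = "EXTPROC_DLLS=ONLY:lib1:lib2" form is the listener.ora syntax for this setting, with ':' as the separator on Unix.

```python
import re

# Constructed listener.ora sample (not from the original post); SID names and paths are placeholders.
SAMPLE_LISTENER_ORA = """
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC = (SID_NAME = ORCL) (ORACLE_HOME = /u01/app/oracle/product/19.0.0/dbhome_1))
    (SID_DESC =
      (SID_NAME = EXTPROC_WEAK)
      (PROGRAM = extproc)
      (ENVS = "EXTPROC_DLLS=ANY")
    )
    (SID_DESC =
      (SID_NAME = EXTPROC_HARDENED)
      (PROGRAM = extproc)
      (ENVS = "EXTPROC_DLLS=ONLY:/u01/app/oracle/lib/libcustom.so:/u01/app/oracle/lib/libaudit.so")
    )
  )
"""
def _groups(text, keyword):
    """Yield each (KEYWORD ...) group of an Oracle Net file, honouring nested parentheses."""
    for m in re.finditer(r"\(\s*%s\b" % keyword, text, re.IGNORECASE):
        depth = 0
        for j in range(m.start(), len(text)):
            depth += {"(": 1, ")": -1}.get(text[j], 0)
            if depth == 0:
                yield text[m.start():j + 1]
                break

def extproc_dll_policy(listener_ora):
    """Map each extproc SID_NAME to (mode, libraries): ONLY = allow-list enforced,
    ANY = any library loadable, LIST = paths without ONLY, UNSET = no EXTPROC_DLLS at all."""
    result = {}
    for block in _groups(listener_ora, "SID_DESC"):
        prog = re.search(r"\(\s*PROGRAM\s*=\s*(\S+?)\s*\)", block, re.IGNORECASE)
        if not prog or not prog.group(1).lower().startswith("extproc"):
            continue  # ordinary database SID, not an external-procedure agent
        sid = re.search(r"\(\s*SID_NAME\s*=\s*(\S+?)\s*\)", block, re.IGNORECASE)
        envs = re.search(r'EXTPROC_DLLS\s*=\s*([^"\s)]*)', block, re.IGNORECASE)
        value = envs.group(1) if envs else ""
        if value.upper().startswith("ONLY:"):
            mode, libs = "ONLY", [p for p in value[5:].split(":") if p]  # ':'-separated on *nix
        elif value.upper() == "ANY":
            mode, libs = "ANY", []
        else:
            mode, libs = ("LIST" if value else "UNSET"), []
        result[sid.group(1) if sid else "?"] = (mode, libs)
    return result
def unrestricted_extproc_sids(listener_ora):  # extproc entries with no exclusive ONLY: allow-list
    return sorted(s for s, (m, _) in extproc_dll_policy(listener_ora).items() if m != "ONLY")
```

Run it against a copy of your own listener.ora; any SID it lists is an extproc agent that is not pinned to an allow-list, which is the setting the question's DB team was asked to add.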