HP-UX Workload Manager Toolkits User's Guide

HP-UX WLM Oracle Database Toolkit: Providing Database Metrics to WLM
What about security issues?
Chapter 262
Potential Perl code issue in the configuration file
The wlmoradc configuration file is a Perl file. It is specified through the
wlmoradc command-line option --configfile file. This file is
executed, so if it contains malicious commands, your system could be at
risk.
Be careful what commands are specified, and set the UNIX file
permissions appropriately for the configuration file. In particular, having
world write permissions on the file or placing the file in a world-writable
directory could allow other users to edit or replace the file, causing
wlmoradc to execute the new commands when it is next invoked.
The wlmoradc tool issues a warning if the configuration file is
world-writable or is in a world-writable directory, but still executes it.
wlmoradc does not check the parent directories of the file.
Potential SQL code issue using --sqlfile file
The wlmoradc tool reads in the SQL file file when --sqlfile file is
specified on the command line. This SQL file is executed; thus, malicious
code could damage the database, or—via the SQL HOST
command—damage or compromise the surrounding UNIX environment.
With the SQL file, be careful what commands are specified, and set the
UNIX file permissions appropriately. In particular, having world write
permissions on the file or placing the file in a world-writable directory
could allow other users to edit or replace the file, causing wlmoradc to
execute the new commands when it is next invoked.
The wlmoradc tool issues a warning if the SQL file is world-writable or is
in a world-writable directory, but still executes it. It does not check the
parent directories of the file.
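
Both the configuration file and the SQL file passages above note that wlmoradc only warns about the file and its immediate directory and does not check parent directories. The following POSIX shell check is an added example, not part of the HP toolkit: it walks the whole path and reports every world-writable component. The function names and the optional stop-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a wlmoradc --configfile or --sqlfile path, including
# every parent directory. Function names and the optional stop directory
# are assumptions of this sketch, not part of the toolkit.

# is_world_writable PATH: exit 0 if "other" has write permission on PATH.
is_world_writable() {
    # First 10 characters of ls -l output are the mode, e.g. "-rw-r--rw-".
    # -L follows symbolic links so the target's permissions are examined.
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || return 2
    [ "$(printf '%s\n' "$mode" | cut -c9)" = "w" ]
}

# audit_path_chain FILE [STOP_DIR]: report each world-writable component
# from FILE up to STOP_DIR (default /). Exit 0 only if none is found.
audit_path_chain() {
    file=$1
    stop=${2:-/}
    findings=0
    if [ ! -f "$file" ]; then
        echo "not a regular file: $file" >&2
        return 2
    fi
    if is_world_writable "$file"; then
        echo "WORLD-WRITABLE file: $file"
        findings=$((findings + 1))
    fi
    # Resolve the physical directory so symlinked paths cannot hide a parent.
    dir=$(cd "$(dirname "$file")" && pwd -P) || return 2
    while :; do
        if is_world_writable "$dir"; then
            echo "WORLD-WRITABLE directory: $dir"
            findings=$((findings + 1))
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh /path/to/file [stop_dir]
if [ $# -gt 0 ]; then
    audit_path_chain "$@"
fi
```

Running the check against the same path passed to --configfile or --sqlfile before invoking wlmoradc covers the parent directories that the tool's own warning leaves out.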