Privileges required to start and stop the server – Oracle Audio Technologies ORACLE9I B10508-01 User Manual

Page 174

background image

Security Information


Oracle9i Installation Guide Release 2 ( for HP Alpha OpenVMS

Changing the "carriage-control" attribute on socket (BG) devices. The server
also enables or disables (or both) the carriage-control attribute on BG (socket)
devices for certain stream operations.

Two protected, shareable images are installed at startup to allow the server to
perform these functions:

APACHE$PRIVILEGED.EXE (exec-mode services)

APACHE$FIXBG.EXE (kernel-mode services)

The APACHE$PRIVILEGED.EXE image provides exec-mode services for binding to
privileged sockets and fetching user default path information


Access to these

services is limited to processes running under the ORACLE username and is
controlled by the APACHE$PLV_ENABLE_APACHE$WWW logical name



logical name is defined as:


The "3,80,1023" string represents three parameters where:

The first parameter (3) is a bit-mask which enables or disables the two services:

Bit 0 controls binding to privileged ports.

Bit 1 controls fetching user default path information.

The second and third parameters are the minimum and maximum port that is
allowed to be bound.

When a call to either service is made, the service code:


Temporarily enables the privileges SYSPRV, OPER, SYSNAM, and NETMBX.


Performs the function.


Restores the process original privileges.

The APACHE$FIXBG.EXE_ALPHA image provides a kernel-mode service for
manipulating the carriage-control attribute for BG devices that are owned by the
calling process


No special access control exists on this service


This function can

also be performed using a setsocketopt C RTL run-time call, but it is not
supported by all TCP/IP stack vendors, which is the reason this service exists


This service does not enable privileges, but executes in kernel mode.

Privileges Required to Start and Stop the Server

The Oracle HTTP Server runs under the ORACLE username and UIC and is started
as a detached, network process


During startup, protected images are installed and