Securing external program execution (EXTPROC)
Some database applications can use external dynamic libraries implemented in a language such as C or C++. Usually these external libraries are developed for performance reasons, but they can also represent a major security threat by being replaced with ones that contain malicious code. Therefore this feature must be used with maximum precaution.
The listener process allows executing external programs using a dedicated program named extproc, which is located by default at $ORACLE_HOME/bin. The access to these external libraries can be configured within the listener configuration file listener.ora.
The following is a configuration example from listener.ora that allows executing a specific library:
(SID_LIST = (SID_DESC = (SID_NAME = CLRExtProc) (ORACLE_HOME = /u01/app/oracle/product/11.2.0/db/) (PROGRAM = extproc) (ENVS = "EXTPROC_DLLS=ONLY:/home/oracle/appclrso.so") ) )
The corresponding entry for extproc from...
