Overview
During an initial installation of Oracle software on UNIX platforms, the Oracle Universal Installer creates the directory /tmp/orainstall (owned by oracle owner (Operating System, dba) with permissions of 711. In that directory, the Installer creates a shell script called orainstRoot.sh with permissions of 777. Thereafter, the Installer pauses and displays a dialog box requesting that this script be run as root from another window. Exiting the Installer deletes both the file and the directory.

As such, any user aware of the script, orainstRoot.sh, may run privileged Unix shell commands by editing it before root executes it and thus comprises the system.

Likelihood of Occurrence
This problem only occurs on an initial installation of Oracle on UNIX platforms.

Products Affected
All Oracle software including the Database Server

Solutions Proposed
There is a simple solution to this problem.

  • Prior to invoking the Oracle Universal Installer, create the directory /tmp/orainstall. Do this as the user who will later run the Installer:

    % mkdir /tmp/OraInstall

  • Set the directory permissions to 700:

    % chmod 700 /tmp/OraInstall

  • When the dialog box requests the user to run the orainstRoot.sh script, change the permissions on the orainstRoot.sh script to 700:

    % chmod 700 /tmp/OraInstall/orainstRoot.sh