当前位置：首页 > news >正文

LOCK_SGA=TRUE causes an ORA-27126 during database startup on AIX

news 来源：原创 2024/5/11 4:09:09

个人总结

在用Fox Technologies BoKs 这个安全产品的时候,在AIX 5.3 或者 6.1 上跑 10.2.0.4 由于 LOCK_SGA=TRUE参数改动出的这个 ORA-27126 问题.其他数据库版本或者其他安全产品并未发现这个问题.解决方法要么disable Boks 要么LOCK_SGA=FALSE,建议改参数.

LOCK_SGA=TRUE causes an ORA-27126 during database startup on AIX [ID 827656.1]

Applies to:

Oracle Server - Enterprise Edition - Version: 10.2.0.4 to 10.2.0.4
IBM AIX Based Systems (64-bit)
LOCK_SGA=TRUE
Fox Technologies BoKs

Purpose

There is an incompatibility between the Fox Technologies BoKs product and the 10.2.0.4 Oracle database when implementing the environment variable LOCK_SGA=TRUE. The database fails start and renders an ORA-27126.

Scope and Application

This problem only affects Oracle 10.2.0.4 on the AIX operating system.

Other symptoms include:

1) Previous versions of the Oracle 10.2 database did not experience this condition. Most customers so far see this issue after upgrading from 10.2.0.3.

2) The version of AIX does not seem to matter either but most customers are on either AIX 5.3 or 6.1.

3) When customers use the truss command on the sqlplus session, they see and Err#1 EPERM on the shmctl() system call.

4) So far, all customers seeing this error condition are using a 3rd party security tool called BoKs from Fox Technologies. The customer can determine if they are using this product but looks for a line in /etc/inittab similar to:

rcboks:2:wait:/etc/rc.boks > /dev/console 2>&1 # Start BoKS 6.5

It may not match this exactly, but one only needs to search /etc/inittab on the string "boks" to find it.

5) Other security tools that customers have used such as powerbroker or SeOS do not display this problem.

6) Customers have asked Oracle development what has changed in shared memory allocation between 10.2.0.3 and 10.2.0.4 and the only code changes noticed where the use of vmgetinfo() system call before the shmget() / shmctl(). According to IBM, the vmgetinfo() system call should not require any special privileges or access permissions.

LOCK_SGA=TRUE causes an ORA-27126 during database startup on AIX

Workaround:

Customers have two basic choices. They may either disable BoKs or set LOCK_SGA=FALSE. Of the two choices, disabling LOCK_SGA is the easiest to implement. It appears that BoKs is a comprehensive security package and disabling it is not a trivial operation. BoKs affects not just program execution privileges but also basic login for every user on the system.

Latest Guidance from Fox Technologies: "Our developers believe they have found the problem. As we suspected, there was an undocumented change made to AIX 5.3 as part of a ML release. This changed how a users environment is set up when using the SU command. We have produced a hotfix that we would like to present to the customers. If you would, please provide us with the contact information for the BoKS Admin contact that has been working the issue at both customer sites. We'll need to provide the details to them so they can download it from our website." Customers are advised to open a service request directly with Fox Technologies per their support contract and request the hotfix.