invalid objects after revoke from public on UTL_* packages
GRLMar 6 2009 — edited Mar 17 2009Hi,
Playing around with 11g (11.1.0.7) and going checking some of the security loop holes...for example UTL_SMTP, UTL_HTTP, UTL_TCP, UTL_FILE, DBMS_JOB and DBMS_LOB granted to public.
I executed the folliowing:
grant execute on sys.dbms_lob to exfsys;
grant execute on sys.dbms_lob to xdb;
grant execute on sys.utl_file to xdb;
grant execute on sys.utl_file to oracle_ocm;
grant execute on sys.utl_file to sysman;
grant execute on sys.dbms_job to dbsnmp;
revoke execute on sys.utl_smtp from public;
revoke execute on sys.utl_tcp from public;
revoke execute on sys.utl_http from public;
revoke execute on sys.utl_file from public;
revoke execute on sys.dbms_lob from public;
revoke execute on sys.dbms_job from public;
Then I check the list of invalid objects, I see 3 packages invalid:
"SYS"."DBMS_SQLTUNE_INTERNAL"
"SYS"."DBMS_WRR_INTERNAL"
"SYS"."DBMS_WORKLOAD_REPLAY"
and for all 3, the error is "ORA-00980: synonym translation is no longer valid"....
I have then tried re-granting back those objects to public... but, the invalid objects are still there.
Does anyone know what is going on there? I guess Ill just have to rerun catproc and leave those public grants as is.
Thanks