Oracle oradism or the directly intimate shared monster!

The oradism binary was initially created for managing Dynamic Intimate Shared Memory on Solaris, but it has since evolved a lot (increasing the attack surface), and it is nowadays used for many operations requiring root privileges on our Linux system. By the way, I picked up its new name, “Directly Intimate Shared Monster”, from Frits Hoogland on Twitter, and I think that it fits it better 🙂


The purpose of this blog post is to try to enumerate some of those operations using an Oracle 20c preview version (armed with my old friends systemtap, etc. 🙂).

Elevating the priority of some key background processes:

The vktm process is now scheduled under one of the real-time policies (SCHED_RR).

Setting the adjustment value for the OOM killer score (OOMScoreAdjust):

The value is now set to -1000. The lower the value, the lower the chance that the process is going to be killed.
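One way to check the two effects above (the real-time policy of vktm and the OOM adjustment) by reading `/proc`, as an added example that is not part of the original post. The `ora_` process-name prefix used for matching and the function names are assumptions.

```python
"""Audit scheduling policy and oom_score_adj of Oracle background processes."""
import os
import re

POLICIES = {0: "SCHED_OTHER", 1: "SCHED_FIFO", 2: "SCHED_RR",
            3: "SCHED_BATCH", 5: "SCHED_IDLE", 6: "SCHED_DEADLINE"}


def parse_stat(text):
    """Return (comm, rt_priority, policy) from the text of /proc/<pid>/stat."""
    # comm is wrapped in parentheses and may itself contain spaces or ')',
    # so cut at the last ')' instead of splitting the whole line on spaces.
    lpar, rpar = text.index("("), text.rindex(")")
    rest = text[rpar + 1:].split()  # rest[0] is field 3 (state)
    return text[lpar + 1:rpar], int(rest[37]), int(rest[38])  # fields 40, 41


def audit(proc_root="/proc", pattern=r"^ora_"):
    """List processes whose name matches pattern (assumed Oracle prefix)."""
    findings = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "stat")) as f:
                comm, rt_prio, policy = parse_stat(f.read())
            with open(os.path.join(base, "oom_score_adj")) as f:
                oom_adj = int(f.read())
        except (OSError, ValueError, IndexError):
            continue  # process exited during the scan or entry is unreadable
        if not re.search(pattern, comm):
            continue
        findings.append({
            "pid": int(pid), "comm": comm,
            "policy": POLICIES.get(policy, str(policy)),
            "rt_priority": rt_prio,
            "oom_score_adj": oom_adj,
            "realtime": policy in (1, 2),     # SCHED_FIFO or SCHED_RR
            "oom_exempt": oom_adj == -1000,   # minimum value: never selected
        })
    return findings


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

Running it before and after instance startup shows which processes had their policy or OOM adjustment changed.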

Operations related to dbnest initialization (cgroups/namespaces/directory needed for bind mount):

Some functions seem to be related to cgroups, the nest network (which needs a network namespace; I have to check that!) and namespace configuration:

Example of configuring a cgroup:

Example of creating a directory for the bind mount used for FS isolation:

Example of configuring the mappings for user and group IDs inside the user namespace:

Operations related to direct NFS:

Operations related to the configuration of huge pages (allocate/deallocate):

And I’m still thinking about dbnest and the network namespace; I have to check that, so stay tuned :p

That’s it 🙂
