Oracle DBMS_PQ_INTERNAL Built-In Package
Versions 12.2 - 19.3

Security Advisory
When we don't know what something is, what it does, the purpose it was designed for we do not assume it is benign. Rather, we look for clues based on naming, dependencies, and privileges that may provide some guidance.

The first thing we observe is that the package name contains PQ which likely stands for Parallel Query. But then we see that the name of the package's only object include "CREATE_DB_LINK" which likely points to its use in creating Database Links. Database Link creation can be a risk because it may allow access from a database with no specific security concerns to one that has PII, PHI, or other sensitive data.

The dependencies do not lead to any specific concern so we tried to use it while performing a 10046 Level 12 and 10053 Level 2 trace: Our best attempt to use the procedure failed and the traces, not surprisingly, returned no useful information. And our attempt to use it was informed by the execute statement at the bottom of the wrapped source code file so we know that our syntax was precisely as Oracle intended.

Thus our analysis is: Given that we do not know the specific purpose of this package and its single stored procedure, the fact that it has the potential to create a database link puts it on the Watch list.
 
Recommended Security Rules

 NEVER
  • Grant execute on this package to any user or role.
 WITH GREAT CARE
  • If any user or application requests use of this package treat that request with suspicion and do not grant it without opening an SR with Oracle Support and getting their approval for the grant.
 CAUTIONS
  • N/A
 
How Oracle Works
Not Known We do not have any reliable information on this package and how it is used by Oracle that can be published.
 
DBMS_PQ_INTERNAL Package Information
AUTHID CURRENT_USER
Dependencies
DBMS_ASSERT DBMS_STANDARD V$DATABASE
Documented No
Exceptions
Error Code Reason
ORA-20000 Could not create database link: sys-hub
First Available 12.2
Security Model Owned by SYS with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/prvtpq.plb
 
CREATE_DB_LINK_FOR_HUB
Undocumented dbms_pq_internal.create_db_link_for_hub;
exec dbms_pq_internal.create_db_link_for_hub;
BEGIN dbms_pq_internal.create_db_link_for_hub; END;
*
ERROR at line 1:
ORA-20000: Could not create database link: sys-hub
ORA-06512: at "SYS.DBMS_PQ_INTERNAL", line 15
ORA-06512: at line 1

Related Topics
DBMS_SQL
Native Dynamic SQL
Object Privileges
OWM_ASSERT_PKG
System Privileges