Database Reference
In-Depth Information
SQL> set wrap off
SQL> set linesize 150
SQL> column directory_name format a25;
SQL> column directory_path format a65;
SQL> select directory_name, directory_path from dba_directories ;
DIRECTORY_NAME DIRECTORY_PATH
------------------------- -----------------------------------------------------------------
ORACLE_HOME /
ORACLE_BASE /
OPATCH_LOG_DIR C:\app\abfb378\product\12.1.0\dbhome_1/QOpatch
OPATCH_SCRIPT_DIR C:\app\abfb378\product\12.1.0\dbhome_1/QOpatch
XSDDIR C:\app\abfb378\product\12.1.0\dbhome_1\rdbms\xml\schema
DATA_PUMP_DIR C:\app\abfb378/admin/orcl4/dpdump/
ORACLE_OCM_CONFIG_DIR C:\app\abfb378\product\12.1.0\dbhome_1/ccr/hosts//state
ORACLE_OCM_CONFIG_DIR2 C:\app\abfb378\product\12.1.0\dbhome_1/ccr/state
ORACLECLRDIR C:\app\abfb378\product\12.1.0\dbhome_1\bin\clr
XMLDIR C:\app\abfb378\product\12.1.0\dbhome_1\rdbms\xml
It looks like the release process has left patching directories in place. The bold paths actually refer to legitimate
paths on the author's installation, and the non-bold directories are not actually present on the OS (which implies that
some tidying up has been done but not fully completed before the release). Let's see which database users can have
privileges on the directories enabling them to write and read to the OS and therefore escalate privilege:
SQL> set wrap off
SQL> set linesize 150
SQL> column table_name format a25;
SQL> column grantee format a25;
SQL> column privilege format a25;
SQL> select table_name, grantee, privilege
2 from dba_tab_privs
3 where table_name in (select directory_name from dba_directories);
TABLE_NAME GRANTEE PRIVILEGE
------------------------- ------------------------- -------------------------
DATA_PUMP_DIR EXP_FULL_DATABASE WRITE
DATA_PUMP_DIR IMP_FULL_DATABASE WRITE
DATA_PUMP_DIR EXP_FULL_DATABASE READ
DATA_PUMP_DIR IMP_FULL_DATABASE READ
ORACLE_OCM_CONFIG_DIR ORACLE_OCM WRITE
ORACLE_OCM_CONFIG_DIR ORACLE_OCM READ
ORACLE_OCM_CONFIG_DIR2 ORACLE_OCM WRITE
ORACLE_OCM_CONFIG_DIR2 ORACLE_OCM READ
 
Search WWH ::




Custom Search