Reducing the xp_sendmail security vulnerability

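Do users have permission to use files on the SQL Server through SQL Mail? SQL Mail runs in the same security context as the SQL Agent account. By default, SQL Agent runs under the local system account. If a user can access the system extended stored procedure xp_sendmail in the SQL Server database, there is a security hole.

By passing the attachments parameter to the system extended stored procedure xp_sendmail, a user can gain access to files on the server. One way to protect xp_sendmail is to wrap it in a stored procedure that does not expose the attachments parameter to public. Permissions are granted on this wrapper stored procedure and revoked from xp_sendmail.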

The following is a basic working template that you can use to protect xp_sendmail:

use master
go
-- =============================================
-- Create procedure basic template
-- =============================================
-- creating the stored procedure
IF EXISTS (SELECT name
         FROM     sysobjects
         WHERE    name = N'sp_sendmail'
         AND      type = 'P')
    DROP PROCEDURE sp_sendmail
GO

CREATE PROCEDURE sp_sendmail
     @in_recipients VARCHAR(8000) = '<default email address>'
    ,@in_message VARCHAR(8000)= 'test'
    ,@in_query VARCHAR(8000)= ''
    ,@in_copy_recipients VARCHAR(8000)= NULL
    ,@in_blind_copy_recipients VARCHAR(8000)= NULL
    ,@in_subject VARCHAR(80)= 'test'
    ,@in_type VARCHAR(80)= NULL
    ,@in_attach_results VARCHAR(80)= NULL
    ,@in_no_output VARCHAR(8)= NULL
    ,@in_no_header VARCHAR(8)= NULL
    ,@in_width INT = 10
    ,@in_separator VARCHAR(8)= NULL
    ,@in_echo_error VARCHAR(8000)= NULL
    ,@in_set_user VARCHAR(256) = NULL
    ,@in_dbuse VARCHAR(256) = NULL
AS

DECLARE @attachments VARCHAR(8000)

SET @in_recipients = '<default dba email address>;' + @in_recipients
exec master..xp_sendmail
     @recipients = @in_recipients
    ,@message = @in_message
    ,@query = @in_query
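    -- @attachments is fixed here and is never taken from the caller,
    -- so callers of the wrapper cannot attach files from the server
    ,@attachments =  ' '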
    ,@copy_recipients = @in_copy_recipients
    ,@blind_copy_recipients = @in_blind_copy_recipients
    ,@subject = @in_subject
    ,@type = @in_type
    ,@attach_results = @in_attach_results
    ,@no_output = @in_no_output
    ,@no_header = @in_no_header
    ,@width = @in_width
    ,@separator = @in_separator
    ,@echo_error = @in_echo_error
    ,@set_user = @in_set_user
    ,@dbuse = @in_dbuse
GO


-- example to execute the stored procedure

EXECUTE sp_sendmail
GO


-- example to grant permissions to the stored procedure

GRANT EXECUTE ON sp_sendmail TO public
GO
REVOKE EXECUTE ON xp_sendmail TO public
GO
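
To confirm that the GRANT and REVOKE above took effect, the following check lists every explicit EXECUTE permission still recorded on xp_sendmail and on the sp_sendmail wrapper. It is an added example, not part of the original template, and it assumes a SQL Server 2000-era master database in which permissions are recorded in the sysprotects system table.

```sql
-- Added example: audit EXECUTE permissions after applying the template.
-- Assumption: SQL Server 2000 system tables sysprotects, sysobjects, sysusers.
USE master
GO

-- List every principal with an explicit EXECUTE entry on either procedure.
SELECT o.name AS procedure_name,
       u.name AS grantee,
       CASE p.protecttype
            WHEN 204 THEN 'GRANT WITH GRANT OPTION'
            WHEN 205 THEN 'GRANT'
            WHEN 206 THEN 'DENY'
       END    AS permission_state
FROM   sysprotects p
JOIN   sysobjects  o ON o.id  = p.id
JOIN   sysusers    u ON u.uid = p.uid
WHERE  o.name IN (N'xp_sendmail', N'sp_sendmail')
AND    p.action = 224                      -- 224 = EXECUTE
ORDER BY o.name, u.name
GO

-- Fail loudly if public can still call xp_sendmail directly,
-- which would let callers bypass the wrapper and set @attachments.
IF EXISTS (SELECT *
           FROM   sysprotects p
           JOIN   sysobjects  o ON o.id = p.id
           WHERE  o.name = N'xp_sendmail'
           AND    p.action = 224
           AND    p.protecttype IN (204, 205)
           AND    p.uid = USER_ID('public'))
    RAISERROR('public still has EXECUTE on xp_sendmail', 16, 1)
ELSE
    PRINT 'xp_sendmail is no longer executable by public'
GO
```

Any other user or role that appears in the first result set against xp_sendmail can still reach the attachments parameter directly; members of sysadmin can always execute it regardless of these rows.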
