Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Why are people so afraid of underscore parameters ?

From: Yong Huang <yong321_at_yahoo.com>
Date: 26 Aug 2002 07:30:25 -0700
Message-ID: <b3cb12d6.0208260630.9420a19@posting.google.com>


Thomas Kyte <tkyte_at_oracle.com> wrote in message news:<akc14j06hg_at_drn.newsguy.com>...
> In article <b3cb12d6.0208251521.18cbe86a_at_posting.google.com>, yong321_at_yahoo.com
> says...
> >
> >Thomas Kyte <tkyte_at_oracle.com> wrote in message
> >news:<ak60ht02k5d_at_drn.newsguy.com>...
> >>(in fact, I can show you a truly big problem with _trace_files_public, security
> >> and another undocumented but seemingly innocent event that can be set at the
> >>session level -- just need _trace_files_public to be set and ALTER SESSION privs
> >> and I can get some pretty neat information)
> >
> >Hi, Tom,
> >
> >Out of curiosity, what event is that, suppose the user has alter
> >session privilege?
>
> curiosity kills cats. I like cats.

Killing a cat this way may not be that easy. I find that in Oracle 7, but not beyond, you can use alter session to set the blockdump event:

alter session set events = 'immediate trace name blockdump level [level]'

where [level] is the return value of the function dbms_utility.make_data_block_address ("documented" in Rama Velpuri's book). So a person who knows how to interpret block dumps knows the values in the table even though he can't select on the table from inside the database.

But the difficulty with this security breach is that there's no select_catalog_role in Oracle7, and the file number and block number needed for dbms_utility.make_data_block_address are only available in dba_extents, not user_extents. So the user has to be granted select on dba_extents by SYS.

BTW, if the user can read block dumps, he's close to being able to read the datafile directly anyway. So the datafile permission has to be such that others (world) can't read to stop these "hackers". Not all databases have their datafile permission set that way.

I agree, there are more, much easier exploits. Granting CONNECT role instead of CREATE SESSION is a bad one. You didn't seem to remind people about this in your book! But I haven't finished reading your book yet.

Yong Huang

Received on Mon Aug 26 2002 - 09:30:25 CDT
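An audit of the preconditions named in the message above (ALTER SESSION, read access to dba_extents, the CONNECT role, _trace_files_public, datafile locations), added here as an example and not part of the original post. It assumes a DBA account on a release that supports the WITH clause (9i or later); the x$ query assumes a SYS connection and the x$ksppi/x$ksppcv layout of those later releases.

```sql
-- 1. Accounts holding BOTH ALTER SESSION and SELECT on SYS.DBA_EXTENTS,
--    granted directly or through one directly granted role.
--    Limits: nested roles and grants to PUBLIC are not expanded here.
WITH alter_sess AS (
  SELECT grantee FROM dba_sys_privs WHERE privilege = 'ALTER SESSION'
  UNION
  SELECT rp.grantee
    FROM dba_role_privs rp
    JOIN dba_sys_privs sp ON sp.grantee = rp.granted_role
   WHERE sp.privilege = 'ALTER SESSION'
),
extents AS (
  SELECT grantee FROM dba_tab_privs
   WHERE owner = 'SYS' AND table_name = 'DBA_EXTENTS' AND privilege = 'SELECT'
  UNION
  SELECT rp.grantee
    FROM dba_role_privs rp
    JOIN dba_tab_privs tp ON tp.grantee = rp.granted_role
   WHERE tp.owner = 'SYS' AND tp.table_name = 'DBA_EXTENTS'
     AND tp.privilege = 'SELECT'
)
SELECT a.grantee
  FROM alter_sess a
  JOIN extents e ON e.grantee = a.grantee
 WHERE a.grantee IN (SELECT username FROM dba_users)
 ORDER BY a.grantee;

-- 2. What the CONNECT role carries in this database beyond CREATE SESSION,
--    and who has been granted it.
SELECT privilege FROM dba_sys_privs WHERE grantee = 'CONNECT' ORDER BY privilege;
SELECT grantee   FROM dba_role_privs WHERE granted_role = 'CONNECT' ORDER BY grantee;

-- 3. Grants on SYS.DBA_EXTENTS to PUBLIC or to any role (not covered by query 1).
SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE owner = 'SYS' AND table_name = 'DBA_EXTENTS'
   AND (grantee = 'PUBLIC' OR grantee IN (SELECT role FROM dba_roles));

-- 4. Current value of _trace_files_public (run as SYS; x$ tables are not
--    visible to other accounts).
SELECT i.ksppinm AS name, v.ksppstvl AS value
  FROM x$ksppi i, x$ksppcv v
 WHERE i.indx = v.indx AND i.ksppinm = '_trace_files_public';

-- 5. Datafile paths, so their OS permissions can be checked for world-read.
SELECT name FROM v$datafile ORDER BY name;
```

Any account returned by query 1, or any row from query 3, is worth reviewing together with the value from query 4 and the file modes of the paths from query 5.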
