I’ve already shown you how to escalate privileges in Oracle Databases:
- https://blog.ora-600.pl/2013/04/02/privilege-escalation-in-oracle-11gr2-part1/
- https://blog.ora-600.pl/2014/12/23/simple-technics-of-privilege-escalation-part2-dbasysdba/
The question is how to secure your database if you don’t have Enterprise Edition, or the budget for Oracle Database Vault or Oracle Advanced Security. Well, there’s always DBA creativity 😉
For example, to stop DIRECTORY objects that point at sensitive filesystem paths from being created, you can create the following DDL trigger as SYSDBA:
```sql
create or replace trigger trc_sec_directories
before create on database
declare
  -- Comma-separated list of paths that must not be exposed through a DIRECTORY object.
  -- The ORACLE_HOME entries are for an 11.2.0 home under /u01/app/oracle; adjust to yours.
  v_dirs     varchar2(32000) := '/bin/,/dev/,/etc/,/sbin/,/home/oracle/,/home/oracle/.ssh/,'
    || '/u01/app/oracle/product/11.2.0/dbhome_1/,'
    || '/u01/app/oracle/product/11.2.0/dbhome_1/sqlplus/admin/,'
    || '/u01/app/oracle/product/11.2.0/dbhome_1/lib/,'
    || '/u01/app/oracle/product/11.2.0/dbhome_1/bin/,'
    || '/u01/app/oracle/product/11.2.0/dbhome_1/dbs/,'
    || '/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/lib/,'
    || '/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/admin/';
  v_sql_list ora_name_list_t;
  v_sql_text clob;
  v_cnt      number;
begin
  if ora_dict_obj_type = 'DIRECTORY' then
    -- ora_sql_txt hands back the statement split into lines; glue it back together
    v_cnt := ora_sql_txt(v_sql_list);
    for i in 1 .. v_cnt loop
      v_sql_text := v_sql_text || v_sql_list(i);
    end loop;
    -- Take everything after the first 'as', strip the quotes and use the result as a
    -- regexp pattern against the list: a listed path, or an ancestor of one, matches
    if regexp_like(v_dirs,
                   trim(replace(substr(v_sql_text, instr(lower(v_sql_text), 'as') + 2), '''', ''))) then
      raise_application_error(-20666, 'Insufficient privileges');
    end if;
  end if;
end;
/
```
Every time someone tries to create a directory pointing at one of the paths stored in V_DIRS (or at one of their ancestors, since the path is matched as a substring of the list), the trigger raises ORA-20666 and the CREATE DIRECTORY fails.

A few caveats before you rely on it. The trigger inspects only the statement text: the path is cut out after the first "as" in the lowercased statement, so a directory name that itself contains "as" (ALIAS_DIR, say) or a newline between AS and the path breaks the extraction and the statement goes through; ".." and doubled slashes are not normalised, so '/tmp/../etc/' is not caught; and because the user-supplied path becomes the regexp pattern, a path containing regexp metacharacters fails with a regexp error (which at least fails closed). Subdirectories that are not listed are allowed: the list above covers $ORACLE_HOME/lib/ but not $ORACLE_HOME/network/admin/. Finally, a DDL trigger only holds against users who cannot disable it: anyone with SYSDBA, or who can ALTER TRIGGER SYS.TRC_SEC_DIRECTORIES DISABLE (ALTER ANY TRIGGER together with ADMINISTER DATABASE TRIGGER), simply switches it off and carries on.
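The variant below is an added example, not code from the original post: it moves the check into a standalone function so it can be tested without a trigger, and closes the text-parsing gaps just listed. The names sec_dir_is_forbidden and trc_sec_directories_v2, the shortened path list (one entry per tree, since a prefix now covers its whole subtree) and the self-check statements are my own assumptions; the ORACLE_HOME location and the ORA-20666 error are kept from the post.

```sql
-- Added example: hardened version of the DIRECTORY check as a function (name assumed).
create or replace function sec_dir_is_forbidden(p_sql in clob) return boolean is
  type t_list is table of varchar2(4000);
  -- Forbidden trees, each ending in '/'. A prefix covers its whole subtree, so the
  -- dbhome_1 entry also covers lib/, bin/, dbs/, rdbms/admin/ and network/admin/.
  v_forbidden t_list := t_list(
    '/bin/', '/dev/', '/etc/', '/sbin/', '/home/oracle/',
    '/u01/app/oracle/product/11.2.0/dbhome_1/');
  v_path varchar2(4000);
  v_len  pls_integer;
begin
  -- Pull the quoted literal that follows the AS keyword. The \s before AS means a
  -- directory name such as ALIAS_DIR cannot be mistaken for the keyword; 'i' makes
  -- AS case-insensitive and \s* lets a newline sit between AS and the path.
  v_path := regexp_substr(p_sql, '\sas\s*''([^'']*)''', 1, 1, 'i', 1);
  if v_path is null then
    return true;                              -- fail closed: could not parse the path
  end if;
  -- Normalise so that '//etc', '/etc ' and '/etc' all compare equal to '/etc/'.
  v_path := regexp_replace(trim(v_path), '/+', '/');
  if substr(v_path, -1) <> '/' then
    v_path := v_path || '/';
  end if;
  -- Relative components would be resolved by the OS, not by us: refuse them outright.
  if v_path like '%/../%' or v_path like '%/./%' then
    return true;
  end if;
  for i in 1 .. v_forbidden.count loop
    v_len := least(length(v_path), length(v_forbidden(i)));
    -- Plain prefix compare in both directions: block a forbidden tree, anything
    -- beneath it, and any ancestor of it (a DIRECTORY on '/' or '/home/' reaches
    -- /home/oracle/). The user-supplied path is never used as a regexp pattern.
    if substr(v_path, 1, v_len) = substr(v_forbidden(i), 1, v_len) then
      return true;
    end if;
  end loop;
  return false;
end;
/

-- The trigger itself shrinks to collecting the statement text (name assumed).
create or replace trigger trc_sec_directories_v2
before create on database
declare
  v_sql_list ora_name_list_t;
  v_sql_text clob;
  v_cnt      number;
begin
  if ora_dict_obj_type = 'DIRECTORY' then
    v_cnt := ora_sql_txt(v_sql_list);
    for i in 1 .. v_cnt loop
      v_sql_text := v_sql_text || v_sql_list(i);
    end loop;
    if sec_dir_is_forbidden(v_sql_text) then
      raise_application_error(-20666, 'Insufficient privileges');
    end if;
  end if;
end;
/

-- Self-check over constructed statements (expected verdict is the second argument).
-- Run with SET SERVEROUTPUT ON; every line should start with "ok".
declare
  procedure chk(p_sql in varchar2, p_expect in boolean) is
  begin
    if sec_dir_is_forbidden(p_sql) = p_expect then
      dbms_output.put_line('ok   ' || replace(p_sql, chr(10), ' '));
    else
      dbms_output.put_line('FAIL ' || replace(p_sql, chr(10), ' '));
    end if;
  end;
begin
  chk(q'[create directory d1 as '/etc']', true);                  -- no trailing slash
  chk(q'[create or replace directory d2 AS '//etc//']', true);    -- doubled slashes, upper-case AS
  chk(q'[create directory d3 as
    '/home/oracle/.ssh']', true);                                   -- newline after AS
  chk(q'[create directory d4 as '/tmp/../etc/']', true);          -- traversal
  chk(q'[create directory d5 as '/home']', true);                 -- ancestor of /home/oracle/
  chk(q'[create directory d6 as '/u01/app/oracle/product/11.2.0/dbhome_1/network/admin/']', true);
  chk(q'[create directory alias_dir as '/u01/app/oracle/oradata/']', false); -- 'as' in the name
  chk(q'[create directory d7 as '/tmp/export']', false);
end;
/
```

Keeping the decision in a function means you can run the self-check block against any new path list before the trigger goes live, and extend it whenever someone finds a statement shape that slips past. It does nothing about the last caveat: whoever can disable the trigger is still not constrained by it.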