Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Concurrency control wikipedia , lookup
Microsoft Access wikipedia , lookup
Team Foundation Server wikipedia , lookup
Database model wikipedia , lookup
Microsoft Jet Database Engine wikipedia , lookup
Relational model wikipedia , lookup
Clusterpoint wikipedia , lookup
Exploiting SQL Server Security Holes Robert L Davis Database Engineer www.sqlsoldier.com @SQLSoldier PASS Security Virtual Chapter • http://security.sqlpass.org • Volunteers needed Robert L Davis • Microsoft Certified Master • Data Platform MVP Database Engineer • BlueMountain Capital Management • 16+ years working with SQL Server @SQLSoldier • www.sqlsoldier.com Exploiting SQL Server Security Holes Agenda Permissions Superset Database Owner Bypassing Logins Trustworthy Exploiting SQL Server Security Holes Permissions Superset Exploiting SQL Server Security Holes Permissions Superset User gets all permissions available to them When grants and denies conflict deny wins Almost always Due to ANSI standards, an explicit grant on a column overrides and explicit deny on a column Exploiting SQL Server Security Holes Database Owner Exploiting SQL Server Security Holes Database Owner Mapped automatically to the dbo account Has all perms inside of database (DML, DDL, etc) Has broad permissions for modifying the database properties Can make a variety of changes that can be damaging to the database or even the server Page verification, file settings, recovery model, auto-shrink, auto-close, etc Still cannot change TRUSTWORTHY Impersonated by sysadmin when sysadmin is in the database If no valid owner, you may receive error that the user cannot perform the requested action under the current security context Exploiting SQL Server Security Holes Bypassing Logins Exploiting SQL Server Security Holes Bypassing Logins Relates directly to permissions superset If user can login via group membership, the individual perms are included in the superset Even if the individual login doesn’t exist Exploiting SQL Server Security Holes Trustworthy Exploiting SQL Server Security Holes Trustworthy Sounds like a good thing to have Used for unsafe CLR assemblies or assemblies with external access Used to allow cross-database permissions chaining Can usually be done instead with signed modules or signed assemblies Effectively allows a db owner to take over the whole server Exploiting SQL Server Security Holes Thanks! Thank you for coming! My blog: www.sqlsoldier.com Twitter: twitter.com/SQLSoldier