Download Exploiting SQL Server Security Holes

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
Document related concepts

Concurrency control wikipedia , lookup

Microsoft Access wikipedia , lookup

Database wikipedia , lookup

Team Foundation Server wikipedia , lookup

Database model wikipedia , lookup

Btrieve wikipedia , lookup

Microsoft Jet Database Engine wikipedia , lookup

Relational model wikipedia , lookup

Clusterpoint wikipedia , lookup

Open Database Connectivity wikipedia , lookup

SQL wikipedia , lookup

PL/SQL wikipedia , lookup

Microsoft SQL Server wikipedia , lookup

Transcript 
Exploiting SQL Server
Security Holes
Robert L Davis
Database Engineer
www.sqlsoldier.com
@SQLSoldier
PASS Security Virtual Chapter
• http://security.sqlpass.org
• Volunteers needed
Robert L Davis
• Microsoft Certified Master
• Data Platform MVP
Database Engineer
• BlueMountain Capital Management
• 16+ years working with SQL Server
@SQLSoldier
• www.sqlsoldier.com
Exploiting SQL Server Security Holes
Agenda
 Permissions Superset
 Database Owner
 Bypassing Logins
 Trustworthy
Exploiting SQL Server Security Holes
Permissions Superset
Exploiting SQL Server Security Holes
Permissions Superset
 User gets all permissions available to them
 When grants and denies conflict deny wins
 Almost always
 Due to ANSI standards, an explicit grant on a column
overrides and explicit deny on a column
Exploiting SQL Server Security Holes
Database Owner
Exploiting SQL Server Security Holes
Database Owner
 Mapped automatically to the dbo account
 Has all perms inside of database (DML, DDL, etc)
 Has broad permissions for modifying the database
properties
 Can make a variety of changes that can be damaging to the
database or even the server
 Page verification, file settings, recovery model, auto-shrink,
auto-close, etc
 Still cannot change TRUSTWORTHY
 Impersonated by sysadmin when sysadmin is in the
database
 If no valid owner, you may receive error that the user cannot
perform the requested action under the current security
context
Exploiting SQL Server Security Holes
Bypassing Logins
Exploiting SQL Server Security Holes
Bypassing Logins
 Relates directly to permissions superset
 If user can login via group membership, the
individual perms are included in the superset
 Even if the individual login doesn’t exist
Exploiting SQL Server Security Holes
Trustworthy
Exploiting SQL Server Security Holes
Trustworthy
 Sounds like a good thing to have
 Used for unsafe CLR assemblies or assemblies
with external access
 Used to allow cross-database permissions
chaining
 Can usually be done instead with signed modules
or signed assemblies
 Effectively allows a db owner to take over the
whole server
Exploiting SQL Server Security Holes
Thanks!
Thank you for coming!
 My blog: www.sqlsoldier.com
 Twitter: twitter.com/SQLSoldier
Related documents
Data Warehouse performance and maintenance
Data Warehouse performance and maintenance
Elements of SQL Data Definition Language
Elements of SQL Data Definition Language
UNIVERSE - Qatar University
UNIVERSE - Qatar University
MidRange Concepts - Fox Valley Technical College
MidRange Concepts - Fox Valley Technical College
Introduction to ASP.NET
Introduction to ASP.NET
Database Lab
Database Lab
進階資料庫系統 課程綱要表 課程名稱: (中文) 進階資料庫系統 (英文
進階資料庫系統 課程綱要表 課程名稱: (中文) 進階資料庫系統 (英文
MS-SQL-Developer - Metro Staffing Solutions
MS-SQL-Developer - Metro Staffing Solutions
How to run a SQL Script in SQL Management Studio
How to run a SQL Script in SQL Management Studio
Did You Know? SQL Server 2008 * [Feature]
Did You Know? SQL Server 2008 * [Feature]
wildlife - Seasalt
wildlife - Seasalt
IMS Maxims – Multinational Company
IMS Maxims – Multinational Company
WESCO DISTRIBUTION, INC.
WESCO DISTRIBUTION, INC.