Some database applications can use external dynamic libraries implemented in a language such as C or C++. Usually these external libraries are developed for performance reasons, but they can also represent a major security threat by being replaced with ones that contain malicious code. Therefore this feature must be used with maximum precaution.
The listener process allows executing external programs using a dedicated program named extproc
, which is located by default at $ORACLE_HOME/bin
. The access to these external libraries can be configured within the listener configuration file listener.ora
.
The following is a configuration example from listener.ora
that allows executing a specific library:
(SID_LIST = (SID_DESC = (SID_NAME = CLRExtProc) (ORACLE_HOME = /u01/app/oracle/product/11.2.0/db/) (PROGRAM = extproc) (ENVS = "EXTPROC_DLLS=ONLY:/home/oracle/appclrso.so") ) )
The corresponding entry for extproc
from tnsnames.ora
is as follows:
EXTPROC_CONNECTION_DATA = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)) ) (CONNECT_DATA = (SID = PLSExtProc) ) )
In this recipe we will demonstrate some security recommendations related to extproc
.
By using a configuration similar to the example provided earlier, an attacker may fake without too much effort the libraries called by extproc
.
oracle
user, they will have identical read and write privileges. An attacker who gained access to the application
user and oracle
user, can simply replace the library called by extproc
with a soft link pointing to other libraries:mv /home/oracle/appclrso.so /home/oracle/appclrso.so1 ln –s /lib64/libc-2.5.so /home/oracle/appclrso.so SQL> create or replace library ex_cmd as '/home/oracle/appclrso.so'; SQL> create or replace procedure execute_cmd(command IN CHAR) is external name "system" library ex_cmd language c; SQL> exec execute_cmd("<os command>");
extproc
in a different listener which will be owned by a different user than Oracle. This user should not have read and write privileges on files owned by Oracle.The communication between extproc
and external libraries is performed using interprocess communication (PROTOCOL = IPC).
Other security recommendations related to extproc
are as follows:
listener.ora
, sqlnet.ora
, and tnsnames.ora
)extproc
executable and delete the extproc
entries from listener.ora
extproc
agent if you have suspicions about being attacked by using the TRACE_LEVEL_AGENT
sqlnet.ora
parameterEXTPROC_DLLS=ANY
specifier, always use EXTPROC_DLL=ONLY:<library name>
18.117.158.165