Gaining Access to the Filesystem Through DB2
As with most database servers, DB2 supports a number of ways to interact with the operating system's filesystem. It is crucial that access to these methods be restricted. The reason for this is quite simple — if an attacker can gain read access to files that contain sensitive information, this can be used to further compromise the system; or indeed just gaining access to the information might be enough if that's the attacker's end goal. If an attacker can gain write access to the filesystem, this is considerably more dangerous because it can be used to create files with “executable” content, which could be scripted files such as shell scripts or even binary executables. One common theme among database servers is that access to the filesystem through the RDBMS is done with the security privileges of the account running the process; DB2 is not different. Let's examine how DB2 can allow attackers to gain read or write access to the filesystem.
The Load Method
DB2 supports a LOAD SQL query that allows a file's contents to be read and loaded into a table. To be able to use load, the user account must have the LOADAUTH authority. By default, PUBLIC does not have this authority. Assuming you have this authority files can be read in a similar way to the following:
create table ldtest (t varchar(2000)) load from f:\test.txt of del insert into ldtest
This will read the file f:\test.txt and insert the contents into the ldtest table. The LOADAUTH ...
Get The Database Hacker's Handbook: Defending Database Servers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
