Today we're going to talk about "locking down" xp_cmdshell. Quite a lot of data folks are reasonably concerned about the possible security holes that xp_cmdshell could introduce. Unfortunately, all the wrong things get all the attention. In this article, we cover what you really need in order to understand and secure xp_cmdshell: foundations, the "sysadmins only" club, service accounts, and MSDB rights and proxies. And of course, there's a nice "bottom line" summary at the end. (A note on terms: I will often refer to xp_cmdshell by the nickname "cmdshell".)

Foundations of xp_cmdshell

First, a definition: xp_cmdshell is a SQL Server system stored procedure that "spawns a Windows command shell and passes in a string for execution." In other words, it lets you run Windows commands from within SQL Server. xp_cmdshell is disabled by default on a fresh installation of SQL Server. Check the status of cmdshell using sp_configure:

EXEC sp_configure 'show advanced options', 1
RECONFIGURE /* Needed before the listing below will include advanced options such as xp_cmdshell */
EXEC sp_configure /* Scroll down to xp_cmdshell and check the run_value */
EXEC sp_configure 'show advanced options', 0 /* Let's hide those advanced options again */
RECONFIGURE

If cmdshell is enabled (that is, if run_value = 1), you could run something like this within SQL Server:

EXEC xp_cmdshell N'DIR c:\temp\'

cmdshell passes the command "DIR c:\temp\" to Windows, which just retrieves a directory listing for the "temp" folder on the C: drive. Because the command runs with the Windows rights of the SQL Server service account (when the caller is a sysadmin), you could potentially run commands to create users and add them to the Local Administrators group, or any of a vast number of other scary things.
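The sp_configure listing above works, but scrolling through it is error-prone on a server with many settings. The following T-SQL, added here as an example and not part of the original post, reads the same setting directly from the sys.configurations catalog view (value_in_use is the same number sp_configure reports as run_value) and disables xp_cmdshell if it is found enabled. The PRINT messages are my own wording; everything else uses only built-in procedures and views.

```sql
-- Added example: check whether xp_cmdshell is enabled and, if so, turn it off.
-- sys.configurations is the catalog view behind sp_configure: 'value' is the
-- configured value and 'value_in_use' is the running value (sp_configure's run_value).
SELECT name, value, value_in_use
FROM   sys.configurations
WHERE  name = N'xp_cmdshell';

-- xp_cmdshell is an advanced option, so 'show advanced options' must be on
-- (and RECONFIGURE run) before its own setting can be changed.
IF EXISTS (SELECT 1
           FROM   sys.configurations
           WHERE  name = N'xp_cmdshell' AND value_in_use = 1)
BEGIN
    EXEC sp_configure N'show advanced options', 1;
    RECONFIGURE;

    EXEC sp_configure N'xp_cmdshell', 0;   -- 0 = disabled
    RECONFIGURE;

    EXEC sp_configure N'show advanced options', 0;  -- hide advanced options again
    RECONFIGURE;

    PRINT N'xp_cmdshell was enabled and has now been disabled.';
END
ELSE
    PRINT N'xp_cmdshell is already disabled.';

-- Re-check: value_in_use should now be 0.
SELECT name, value, value_in_use
FROM   sys.configurations
WHERE  name = N'xp_cmdshell';
```

Two caveats. First, each sp_configure change only takes effect after RECONFIGURE, so always check value_in_use rather than value. Second, disabling the option is not a hard boundary: any member of the sysadmin role can flip it back on with the same two statements, which is why who belongs to that role matters more than the switch itself.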