Providing you have the appropriate level of authorization, running operating system commands is a trivial task and can be done in a number of ways. Obtaining the appropriate level of authorization is another matter and is discussed in other chapters. For example, elevating privileges through PL/SQL injection is discussed.
Before showing how it's possible to run OS commands from PL/SQL let's look at the technology behind how it works. PL/SQL can be extended by calling external procedures. External procedures are essentially functions that are exported by shared objects or dynamic link libraries. This is useful when we need to do something quite complex that can't be coded easily using PL/SQL. For example, assume we need to check a registry value on a Windows system from an Oracle application. This can't be done by using straight PL/SQL and we need to turn to external procedures. We write a C function to check the registry and then export it from a DLL. Let's call the function CheckReg(). We then tell the Oracle RDBMS about the DLL by creating a LIBRARY:
CREATE OR REPLACE LIBRARY CHK_REG AS ‘chkregistry.dll’
Once the library is in place we can then create a procedure that calls the CheckReg() function:
CREATE OR REPLACE PROCEDURE C_REG IS IS EXTERNAL NAME "CheckReg" LIBRARY CHK_REG LANGUAGE C; END C_REG;
Here we've told PL/SQL that the call is external, the function to call is CheckReg(), and this function is exported ...