Local Attacks Against DB2

Local attacks against DB2 are generally leveled at DB2 running on *nix platforms, though there are some that are effective against the Windows operating system. As far as *nix platforms are concerned the attacks usually relate to DB2 binaries with the setuid bit set. The setuid bit lets the OS know that the binary should execute with the privileges of the owner and not the user executing the binary. This is necessary, for example, to call certain functions or perform certain tasks. For example, to open a TCP port below 1024 on *nix platforms, the process must be running as root; or if the chroot() function is called, then this again must be performed as root. A number of the DB2 binaries have the setuid bit set:

/home/db2inst1/sqllib/adm/ -r-s--x--x 1 db2inst1 db2grp1 144311 Aug 27 15:27 db2audit -r-s--x--x 1 root db2grp1 70669 Aug 27 15:27 db2cacpy -r-sr-s--x 1 db2inst1 db2grp1 981127 Aug 27 15:27 db2dart -r-sr-xr-x 1 root db2grp1 61523 Aug 27 15:27 db2dasstml -r-sr-s--x 1 root db2grp1 80859 Aug 27 15:27 db2fmp -r-sr-s--x 1 root db2grp1 76725 Aug 27 15:27 db2fmpterm -r-s--x--x 1 root db2grp1 106405 Aug 27 15:27 db2genp -r-sr-s--x 1 db2inst1 db2grp1 143104 Aug 27 15:27 db2govd -r-sr-s--- 1 db2inst1 db2grp1 86355 Aug 27 15:27 db2inidb -r-sr-x--x 1 root db2grp1 186075 Aug 27 15:27 db2licd -r-sr-x--- 1 root db2grp1 32692 Aug 27 15:27 db2licm -r-sr-s--x 1 db2inst1 db2grp1 70024 Aug 27 15:27 db2path -r-sr-s--- 1 root db2grp1 105653 Aug 27 15:27 db2remot -r-sr-s--- ...

Get The Database Hacker's Handbook: Defending Database Servers now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.