Trojanning Sybase
The options for inserting backdoors into a database system of Sybase's complexity are numerous . Following are a few ideas; there are plenty of variations on these themes.
Grant a User sa or sso_role
If you grant users sa_role, they can effectively do everything.
You can see what roles are available to users by executing the following query:
select l.name Login, sr.name ServerRole from master..syslogins l join master..sysloginroles lr on l.suid = lr.suid join master..syssrvroles sr on sr.srid=lr.srid
Allow Direct Updates to System Tables, Grant Access to Selected System Tables
By default, users (even sa) are not permitted to directly modify system tables (such as syslogins), even if they would otherwise be able to. Many possibilities for subtle backdoors are opened up if you enable updates to system tables.
The statement to allow updates is
sp_configure 'allow updates to system tables', 1
This is a dynamic configuration setting and thus takes effect immediately; there is no need to restart the server.
The following query displays all explicit permissions (including upon col-umns) in the current database:
select u.name "user", u2.name grantor, o.name object, c.name column, v.name, p.protecttype from sysprotects p join sysusers u on p.uid = u.uid join sysobjects o on p.id = o.id join sysusers u2 on p.grantor = u2.uid join master..spt_values v on p.action=v.number and v.type='T' join syscolumns c on o.id = c.id where (power(2, c.colid) & convert(int, p.columns)) > 0 and p.columns != 0 and p.columns != 1 and p.columns is not null union select u.name "user", u2.name grantor, o.name object, '*' column, v.name, p.protecttype from sysprotects p join sysusers u on p.uid = u.uid join sysobjects o on p.id = o.id join sysusers u2 on p.grantor = u2.uid join master..spt_values v on p.action=v.number and v.type='T' where p.columns=0x01 or p.columns=0x00 or p.columns is null order by o.name
EAN: 2147483647
Pages: 156