"Execute As" and xp_cmdshell

  • Hi,

    I'm just starting to look at migrating our servers to 2005 and have noticed something worrying about the Execute As command.

    So far as I can tell, as the sysAdmin I can impersonate any domain user set up on a server. So, in theory, I'm able to add, say, a Director's account as a user on a database and then, with a combination of execute as and xp_cmdshell "dir ", get access to any private directories they may have on the network!

    Is this really the massive security loophole it seems or am I missing something significant??

    Thanks for any advice

    Ian.

  • I don't think it impersonates the account going out of SQL Server; it does impersonate the credentials for local SQL Server objects.

    From BOL:

    The Windows process spawned by xp_cmdshell has the same security rights as the SQL Server service account.

    When it is called by a user that is not a member of the sysadmin fixed server role, xp_cmdshell connects to Windows by using the account name and password stored in the credential named ##xp_cmdshell_proxy_account##. If this proxy credential does not exist, xp_cmdshell will fail.

    I think from that it is clear that it does *not* use those (EXECUTE AS) credentials to access the filesystem.

    Cheers,


    * Noel

  • Also, as an FYI, while xp_cmdshell by itself is considered a security issue, it is disabled by default in SQL Server 2005. So if you (and no one else) have turned it on specifically, you don't have to worry about any issues at all.

    Brandie Tarvin, MCITP Database Administrator
    LiveJournal Blog: http://brandietarvin.livejournal.com/
    On LinkedIn!, Google+, and Twitter.
    Freelance Writer: Shadowrun
    Latchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

  • Cheers guys, I knew there was something obvious I was forgetting!
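An audit sketch for the points raised in the replies above, added here as an example and not posted by anyone in the thread: read-only T-SQL catalog queries that show whether xp_cmdshell is enabled, whether the ##xp_cmdshell_proxy_account## credential exists, who is in sysadmin, and who holds IMPERSONATE on a login. It assumes SQL Server 2005 or later and a login allowed to view server-level metadata.

```sql
-- Added example (not from the thread): read-only checks, nothing is changed.

-- 1. Is xp_cmdshell enabled? value_in_use = 0 means disabled,
--    which is the SQL Server 2005 default mentioned above.
SELECT name,
       value        AS configured_value,
       value_in_use AS running_value
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. Does the proxy credential exist, and which Windows account is stored in it?
--    Per the BOL text quoted above, non-sysadmin callers of xp_cmdshell connect
--    to Windows with this account; if no row comes back, their calls fail.
SELECT name, credential_identity, create_date, modify_date
FROM sys.credentials
WHERE name = '##xp_cmdshell_proxy_account##';

-- 3. Members of sysadmin. Per the same BOL text, the process xp_cmdshell spawns
--    for them has the rights of the SQL Server service account, so this list is
--    the set of logins that can reach the file system with those rights.
SELECT m.name AS sysadmin_member, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.name;

-- 4. Explicit IMPERSONATE grants on logins (who may EXECUTE AS LOGIN whom).
--    sysadmin members do not need a grant and will not appear here.
SELECT grantee.name AS grantee,
       target.name  AS can_impersonate,
       p.state_desc
FROM sys.server_permissions AS p
JOIN sys.server_principals AS grantee ON grantee.principal_id = p.grantee_principal_id
JOIN sys.server_principals AS target  ON target.principal_id  = p.major_id
WHERE p.class_desc = 'SERVER_PRINCIPAL'
  AND p.permission_name = 'IMPERSONATE'
ORDER BY grantee.name, target.name;
```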
