Sunday 17 April 2011

ASE : How to drop Sybase xp_cmdshell

Sybase has xp_cmdshell extended stored procedure. This procedure is a security concern, as power user can use this procedure to call OS commands under the security context of the service sybase runs under. What can I do to remove the procedure, I did a lot of research on this, couldn’t find anythng on the web. Some of the information on the web are already out of date, as they assume the xp_cmdsell is still in master db. In Sybase 12.5, the xp_cmdshell is in sybsystemprocs. but the sp_dropextendedproc requires the user to be in master db.

1> use sybsystemprocs
2> go

1> exec sp_dropextendedproc xp_cmdshell
2> go
Msg 18388, Level 16, State 1:Server ‘TESTServer’, Procedure ’sp_dropextendedproc’, Line 23:You must be in the master database in order to run ’sp_dropextendedproc’.
(return status = 1)

1> use master
2> go

1> sp_dropextendedproc xp_cmdshell
2> go
Msg 3701, Level 11, State 1:Server ‘TESTServer’, Line 1:Cannot drop the procedure ‘xp_cmdshell’, because it doesn’t exist in the systemcatalogs.
Msg 18389, Level 16, State 1:Server ‘TOR_GSF_UAT’, Procedure ’sp_dropextendedproc’, Line 66:sp_dropextendedproc failed. Check the SQL Server error log file.
(return status = 1)

We can do it this way :

1> use sybsystemprocs
2> go

1> select name from sysobjects where type = ‘XP’
2> go
name
——————————
xp_cmdshell
xp_freedll
(2 rows affected)

1> dbcc dropextendedproc(xp_cmdshell)
2> go

1> select name from sysobjects where type = ‘XP’
2> go
name
——————————
xp_freedll
(1 row affected)

1 comment: