What if one could directly read and manipulate
data at the block level? Oracle provides such a
tool to do exactly that, but it has to be built
by the DBA. The Block Browser and Editor tool,
or bbed for short, is the ticket into the
contents of data blocks within an Oracle
database. Here is what can be done with bbed:
The ability to change data is exactly what it
sounds like: any data can be changed, anywhere.
What does this imply? It means that passwords
can be changed as well - any password. For
example, the password for sys can be changed.
Deleted a row and need to recover it? What
happens to data when the DBA or a user deletes
it? Specifically, does the data really go away,
or does something else take place? The answer is
that something else takes place. Oracle marks
the row(s) as deleted and makes the space
available for use in the future. As an analogy,
when a file was deleted in DOS, the first
character of the file name was changed and the
file became hidden from normal "dir" listings.
Recovery tools could be used to show deleted
files; the only real work was to figure out what
the missing first character was. Recovering data
in Oracle using bbed is roughly the same thing -
one just has to find where the deleted row lives
and reset some flags to make the row active
again, as long as the row has not been
overwritten yet.
On a larger scale, the same type of recovery can
be done using data files. By setting values
inside the file header (the file header block),
an older file can become part of the current
database.
The bbed utility also gives one the power to
corrupt and uncorrupt a block or reset the
corrupt block marker. Use of bbed for this
purpose, although interesting, is not practical
in that there are better, i.e. more established
and approved, ways of repairing corrupt blocks.
However, if one wants to corrupt a block and
test out one's RMAN skills, this would be a
fairly quick way to set up that lab environment.
All of the above, except for the RMAN recovery,
can be done without being logged in to the
database or having an active instance running.
In other words, if someone
has access to bbed and access to one's datafiles,
that person has access to everything in the
database. Everything. If that does not convince
one to safeguard the Oracle datafiles from
unauthorized users, what will?
Where and how does one get bbed? In UNIX, Oracle
gives the pieces needed to create the tool. The
DBA does not get bbed as a live or active
executable like what one gets with EXP or
SQL*Plus. In older versions of Oracle on
Windows, the executable was installed ready for
use, but this is no longer the case.
An RDBMS installation was not even required to
get BBED.EXE (as it is named on Windows). With
an Oracle8i client installation, BBED.EXE is
installed in $ORACLE_HOME/bin by default.
In a 32-bit installation on UNIX (refers to all
*NIX variants), look for two object files in
$ORACLE_HOME/rdbms/lib: sbbdpt.o and ssbbded.o.
In a 64-bit installation, the files will be in
the lib32 directory.
[oracle] ls -la *bb*.o
-rw-r--r--  1 oracle  dba  1160 Nov 18  2003 sbbdpt.o
-rw-r--r--  1 oracle  dba   848 Nov 18  2003 ssbbded.o
To create or make the executable, use the make
command as shown.
[oracle] make -f ins_rdbms.mk $ORACLE_HOME/rdbms/lib/bbed
Sample output from the make command is shown
below.
Linking BBED utility (bbed)
rm -f /u001/app/oracle/ora904/rdbms/lib/bbed
gcc -o /u001/app/oracle/ora904/rdbms/lib/bbed
-L/u001/app/oracle/ora904/rdbms/lib/
-L/u001/app/oracle/ora904/lib/
/u001/app/oracle/ora904/lib/s0main.o
/u001/app/oracle/ora904/rdbms/lib/ssbbded.o
/u001/app/oracle/ora904/rdbms/lib/sbbdpt.o
`cat /u001/app/oracle/ora904/lib/ldflags`
-lnsslb9 -lncrypt9 -lnsgr9 -lnzjs9
-<some lines removed>
lcommon9 -lgeneric9
-ltrace9 -lnls9
-lcore9 -lnls9 -lcore9 -lnls9 -lxml9
-lcore9 -lunls9 -lclient9
-lvsn9 -lwtc9 -lcommon9 -lgeneric9
-lnls9
-lcore9 -lnls9 -lcore9 -lnls9 -lxml9
-lcore9 -lunls9
`cat /u001/app/oracle/ora904/lib/sysliblist`
-Wl,-rpath,/u001/app/oracle/ora904/lib:/lib:/usr/lib
-lm
`cat /u001/app/oracle/ora904/lib/sysliblist`
-ldl -lm
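
The exposure described above (bbed plus access to the datafiles equals access to everything) can be checked for on a host. The script below is an added example, not part of the original article and not an Oracle tool; its function names and its two arguments (an Oracle home and a datafile directory) are assumptions.

```shell
#!/bin/sh
# Added example, not from the article: audit the two preconditions it names,
# a bbed binary (or its object files) on the host and datafiles that accounts
# other than the owner can reach. Function names and arguments are assumptions.

# List bbed executables and the object files bbed is linked from.
find_bbed() {
    find "$1" -type f \( -name bbed -o -name BBED.EXE \
        -o -name sbbdpt.o -o -name ssbbded.o \) 2>/dev/null
}

# List datafiles readable or writable by accounts outside owner and group.
world_accessible() {
    find "$1" -type f \( -perm -004 -o -perm -002 \) 2>/dev/null
}

# List datafiles any member of the owning group can modify.
group_writable() {
    find "$1" -type f -perm -020 2>/dev/null
}

# Report findings for one Oracle home and one datafile directory.
# Returns 1 if anything needs attention, 0 if both checks are clean.
audit_bbed_exposure() {
    rc=0
    found=$(find_bbed "$1")
    if [ -n "$found" ]; then
        echo "bbed or its object files present under $1:"; echo "$found"; rc=1
    fi
    open=$(world_accessible "$2")
    if [ -n "$open" ]; then
        echo "datafiles accessible to all local accounts:"; echo "$open"; rc=1
    fi
    gw=$(group_writable "$2")
    if [ -n "$gw" ]; then
        echo "datafiles writable by the owning group (review membership):"
        echo "$gw"; rc=1
    fi
    return "$rc"
}

# Usage: sh audit.sh <ORACLE_HOME> <datafile directory>
if [ "$#" -eq 2 ]; then
    audit_bbed_exposure "$1" "$2"
fi
```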