Hi folks, I've written a paper on runtime patching of database server code, which can be found here: http://www.ngssoftware.com/papers/violating_database_security.pdf It discusses "runtime patching" exploits, specifically in the context of Microsoft SQL Server 2000, but the techniques apply to a wide variety of targets. The paper also documents a three byte patch that disables access control in SQL Server, resulting (by way of some tricks) in sysadmin access for all. I think this kind of exploit is pretty dangerous and well worth thinking about, hence the paper. As always, any questions, comments, flames etc will be gratefully received. Well, received, anyhow. :o) -chris.
