How will SQL Server behave when multiple users are executing xp_cmdshell simultaneously?

  • Hello,

    My user wants to use the xp_cmdshell command in their application because it makes it easier to finish their work. The user has no sysadmin role, and I only granted the "alter setting" system privilege; the user will run sp_configure first and then execute the xp_cmdshell statement. How will SQL Server behave when multiple users are executing sp_configure and xp_cmdshell simultaneously?

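    -- Declare the variable that the command string is assigned to
    DECLARE @batStr varchar(255);
    EXEC sp_configure 'show advanced options', 1;
    RECONFIGURE WITH OVERRIDE;
    EXEC sp_configure 'xp_cmdshell', 1;
    RECONFIGURE WITH OVERRIDE;
    SET @batStr = ' mkdir e:\doc';
    EXEC('EXEC master.sys.xp_cmdshell '''+@batStr+''';');
    -- Disable xp_cmdshell first: it is an advanced option and cannot be
    -- changed once 'show advanced options' has been set back to 0
    EXEC sp_configure 'xp_cmdshell', 0;
    RECONFIGURE WITH OVERRIDE;
    EXEC sp_configure 'show advanced options', 0;
    RECONFIGURE WITH OVERRIDE;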

    Thanks for your input!

  • I imagine you could potentially get race condition issues. That code chunk looks pretty small, but you could potentially have someone disable xp_cmdshell right after someone else enables it but before they get to run their command.

    Also, that's making the assumption that your developers will be responsible enough to always disable xp_cmdshell immediately after using it and not just leave it enabled.

  • Thanks for your input! Is there a way to resolve this contention issue and use xp_cmdshell in the user's application? In our environment, we cannot have the sysadmin, which is me, enable xp_cmdshell using sp_configure only once at instance level, because I guess we have an application that disables it regularly, or I am not sure of the reason why it is always disabled automatically.

    Is there another, better method to dynamically create a folder e:\doc or execute other DOS commands dynamically?

    Thanks for your help!

  • I think the following statements will reduce the contention rate in our environment:

    -- Declare the variable that the command string is assigned to
    DECLARE @batStr varchar(255);
    EXEC sp_configure 'show advanced options', 1;
    RECONFIGURE WITH OVERRIDE;
    EXEC sp_configure 'xp_cmdshell', 1;
    RECONFIGURE WITH OVERRIDE;
    SET @batStr = ' mkdir e:\doc';
    EXEC('EXEC master.sys.xp_cmdshell '''+@batStr+''';');
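
An added example, not code from any poster in this thread: one way to close the race described above is to serialize the enable/run/disable sequence with an application lock (sp_getapplock), so that one caller cannot disable xp_cmdshell while another is between enabling it and running the command. The lock resource name xp_cmdshell_toggle is made up for illustration, and the sketch assumes the caller has ALTER SETTINGS and is already permitted to execute xp_cmdshell.

```sql
-- Added example: every cooperating caller runs this same batch.
-- 'xp_cmdshell_toggle' is a hypothetical lock name chosen for this sketch.
DECLARE @rc int;

-- Session-owned lock, because RECONFIGURE cannot run inside a transaction.
-- A second caller blocks here (up to 30 s) until the first one releases.
EXEC @rc = sp_getapplock
     @Resource    = 'xp_cmdshell_toggle',
     @LockMode    = 'Exclusive',
     @LockOwner   = 'Session',
     @LockTimeout = 30000;

-- 0 = granted, 1 = granted after waiting; negative = timeout, cancel, deadlock or error
IF @rc < 0
BEGIN
    RAISERROR('Could not acquire xp_cmdshell_toggle lock (sp_getapplock returned %d).', 16, 1, @rc);
    RETURN;
END;

BEGIN TRY
    EXEC sp_configure 'show advanced options', 1;
    RECONFIGURE WITH OVERRIDE;
    EXEC sp_configure 'xp_cmdshell', 1;
    RECONFIGURE WITH OVERRIDE;

    -- Fixed literal command: nothing caller-supplied is concatenated into it
    EXEC master.sys.xp_cmdshell 'mkdir e:\doc';
END TRY
BEGIN CATCH
    -- Report the failure, then fall through so cleanup and release still run
    PRINT ERROR_MESSAGE();
END CATCH;

-- Cleanup: turn xp_cmdshell off while advanced options are still visible
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE WITH OVERRIDE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE WITH OVERRIDE;

EXEC sp_releaseapplock
     @Resource  = 'xp_cmdshell_toggle',
     @LockOwner = 'Session';
```

The lock is cooperative: it only protects callers that take it, so a separate process that toggles the setting without acquiring the lock can still interfere.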
