[bigiain]

I bet if you were an "evil database consultant", you could get yourself a root shell on _many_ of those servers with a little bit of google fu. There is a startling amount of exploitable code waiting in just about every standard OS install for anybody with regular user privileges.

[ora600]

If I was evil and suicidal I could wipe up many companies by "drop database including backup".

When you have DBA access to production databases, lack of root does not stand in the way of doing evil.

It does stand in the way of using message logs to troubleshoot, checking contents of /proc to determine which directory a process is running from, tuning TCP parameters to maximize data transfer rates without nagging the sysadmins, etc.

[bigiain]

True. But a _properly evil_ non-suicidal and supremely confident evil DBA could, if they wanted too, exploit the box from a local user account, rootkit it, and tidy up after themselves to remove all trace of who did it. I suspect that's actually script-kiddy-able these days, if you know the target well enough there's probably an automated tool ready to do all that for you.

(For evil-genius-DBA's bonus points for doing that via the database instead of the shell and censoring traces from the db logs too...)