How do I configure uroot to ignore a . in the path. (NETIQKB37614)

  • 7737614
  • 02-Feb-2007
  • 27-Nov-2007


How do I configure uroot to ignore a dot (.) in the path.

VigilEnt Security Agent for Unix 4.0

VigilEnt Security Agent for Unix 5.0


The ignore_dot variable in uroot determines whether the shell to accepts or denies a "." in the path of an assumed process.


By having a dot in the path, it is possible to inadvertently allow an unprivileged user to gain access to host resources. If "." is in the path, there is a possibility that a malicious script could be picked up first and execute several Unix commands giving users undesired access.

Turning ignore_dot on solves this vulnerability.

Enabling ignore_dot feature for uroot:

  1. Using your favorite editor, load /etc/uroot.cfg
  2. Somewhere near the top of the file (preferrably after the lines that start with a #), type in this line:
  3. Defaults:ALL ignore_dot

  4. Save the file

Additional Information

Formerly known as NETIQKB37614