How do I configure uroot to ignore a . in the path? (NETIQKB37614)

  • 7737614
  • 02-Feb-2007
  • 27-Nov-2007

Resolution

goal
How do I configure uroot to ignore a dot (.) in the path?

fact
VigilEnt Security Agent for Unix 4.0

fact
VigilEnt Security Agent for Unix 5.0

fix

The ignore_dot variable in uroot determines whether the shell accepts or denies a "." in the path of an assumed process.

Vulnerability:

By having a dot in the path, it is possible to inadvertently allow an unprivileged user to gain access to host resources. If "." is in the path, a malicious script in the current directory could be picked up first, in place of the intended command, and execute several Unix commands, giving users undesired access.

Turning ignore_dot on solves this vulnerability.
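
The following check is an added example, not part of the original article or of uroot: it lists the entries of a PATH string that make the shell search the current directory. It goes beyond a literal "." and also reports empty entries (a leading, trailing or doubled colon) and relative entries, which behave the same way. The function name and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: list PATH entries that make the shell search the current directory.
# Usage: dot_path_entries "$PATH"
# Prints "position<TAB>entry<TAB>reason" for each risky entry.
# Exit status: 0 if the path is clean, 1 if at least one entry was reported.
dot_path_entries() (
    rest="$1:"      # trailing ":" so the last entry is terminated like the others
    pos=0
    found=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text up to the first ":"
        rest=${rest#*:}     # remainder after that ":"
        pos=$((pos + 1))
        case $entry in
            /*)    continue ;;   # absolute directory: not affected
            '')    reason="empty entry, treated as current directory" ;;
            .|./*) reason="explicit current directory" ;;
            *)     reason="relative entry, resolved against current directory" ;;
        esac
        printf '%s\t%s\t%s\n' "$pos" "$entry" "$reason"
        found=$((found + 1))
    done
    [ "$found" -eq 0 ]
)

# Constructed sample values, not taken from any real host.
SAMPLE_BAD='.:/usr/bin::/bin:tools:'
SAMPLE_GOOD='/usr/sbin:/usr/bin:/sbin:/bin'

dot_path_entries "$SAMPLE_BAD" || echo "sample path searches the current directory"
dot_path_entries "$SAMPLE_GOOD" && echo "sample path is clean"
```

Run it against the PATH of the account that will assume privileges to see which entries ignore_dot would be protecting against.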

Enabling ignore_dot feature for uroot:

  1. Using your favorite editor, load /etc/uroot.cfg
  2. Somewhere near the top of the file (preferably after the lines that start with a #), type in this line:

       Defaults:ALL ignore_dot

  3. Save the file


Additional Information

Formerly known as NETIQKB37614