Skip to main content
ExLibris
  • Subscribe by RSS
    • Back
    Aleph
    Ex Libris Knowledge Center

    "." should not be included in the PATH variable

    1. Last updated
    2. Save as PDF
    • Product: Aleph
    • Product Version: 22, 23
    • Relevant for Installation Type: Multi-Tenant Direct, Dedicated-Direct, Local, TotalCare

    Description

    The variable PATH in $alephe_root/aleph_start contains a '.' which holds a potential risk for exploit (executing scripts from the current directory)

    Resolution

    The "." in the PATH variable cannot be eliminated completely, but the risks for an potential exploit minimized.
    The workaround is to set the "." as the last option of the PATH so that the aleph/exe directory will always be the first option.
    Change the following line in $alephe_root/aleph_start:

    set path=($path /usr/local/bin .) 

    to:

    set path=($path /usr/local/bin )

    and add the "." to the last update of the PATH:

    setenv    PATH               "${PATH}:${aleph_exe}:${alephm_proc}:/etc:."
     

     

    • Article last edited: 24-September-2017
    1. Back to top
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Language
      English
      Product
      Aleph
    2. Tags
      This page has no tags.