Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    "." should not be included in the PATH variable

    • Product: Aleph
    • Product Version: 22, 23
    • Relevant for Installation Type: Multi-Tenant Direct, Dedicated-Direct, Local, TotalCare

    Description

    The variable PATH in $alephe_root/aleph_start contains a '.' which holds a potential risk for exploit (executing scripts from the current directory)

    Resolution

    The "." in the PATH variable cannot be eliminated completely, but the risks for an potential exploit minimized.
    The workaround is to set the "." as the last option of the PATH so that the aleph/exe directory will always be the first option.
    Change the following line in $alephe_root/aleph_start:

    set path=($path /usr/local/bin .) 

    to:

    set path=($path /usr/local/bin )

    and add the "." to the last update of the PATH:

    setenv    PATH               "${PATH}:${aleph_exe}:${alephm_proc}:/etc:."
     

     


    • Article last edited: 24-September-2017
    • Was this article helpful?