Previous Topic: Using Negative Access Control ListsNext Topic: Synchronization with Native UNIX Security


Blocking Trojan Horses with the _abspath Group

Any relative path names in the $PATH variable, but particularly the dot (.) path name meaning “current directory,” is a security weakness. Consider the following scenario:

To eliminate this security weakness, CA ControlMinder provides a user group named _abspath. All members of the _abspath group are forbidden to use relative path names in invoking programs.

You can add a user to the _abspath group just as you add one to any other group. Effective at the next login, the user is forbidden to use relative path names when accessing programs.