Current directory not allowed in PATH (UNIX)

Module: User Files

This check reports users with current directory entries (. or :: or : at the starting or ending of the path) located anywhere in their PATH variables. Use the check's name list to exclude or include users and user groups that are not already included or excluded by the Users to check option. Enable one, but not both, of the PATH (using su) or PATH (modifying startup script) options before executing this security check. Also, when both this and the Current directory only at end of PATH checks are run on the same user account, Symantec ESM reports any current directory entry in the user's PATH variable as an error.

The following table lists the error messages for the check.

Table: Error messages for Current directory not allowed in PATH

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_BOTH_CURDIR Category: System Error	UNIX (5456)	Title: User included for both current directory PATH checks Description:The named user was included by name lists for both of the security checks titled "Current Dir Allowed Only at End of PATH" and "Current Dir Not Allowed in PATH." This policy run applied the tougher standard of the Current directory not allowed in PATH check, but you should modify the name lists for future policy runs so that only one of these checks includes the listed user.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_CURDIR2 Category: System Error	UNIX (5457)	Title: Current directory found in path Description:The user has defined a path that includes the current directory. This is a security problem if the current directory for the user is set to a directory where other users have write access. The user can be "spoofed" when a common system command such as 'ls' is placed in that directory and executed instead of the system 'ls'. You should remove the current directory from the PATH environment variable in the .login, .cshrc, or .profile script file for this user. Note that a null field in the path is equivalent to '.'.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_BOTH_CURDIR

Category: System Error

UNIX (5456)

Title: User included for both current directory PATH checks

Description:The named user was included by name lists for both of the security checks titled "Current Dir Allowed Only at End of PATH" and "Current Dir Not Allowed in PATH." This policy run applied the tougher standard of the Current directory not allowed in PATH check, but you should modify the name lists for future policy runs so that only one of these checks includes the listed user.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_CURDIR2

Category: System Error

UNIX (5457)

Title: Current directory found in path

Description:The user has defined a path that includes the current directory. This is a security problem if the current directory for the user is set to a directory where other users have write access. The user can be "spoofed" when a common system command such as 'ls' is placed in that directory and executed instead of the system 'ls'. You should remove the current directory from the PATH environment variable in the .login, .cshrc, or .profile script file for this user. Note that a null field in the path is equivalent to '.'.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]