Current directory only at end of PATH (UNIX)

Module: User Files

This check reports users with current directory (. or ::) entries located anywhere except at the end of their PATH variables. Use the check's name list to exclude or include users and user groups that are not already included or excluded by the Users to check option. Enable one, but not both, of the PATH (using su) or PATH (modifying startup script) options before executing this security check. Also, when both this and the Current directory not allowed in PATH checks are run on the same user account, Symantec ESM reports any current directory entry in the user's PATH variable as an error.

The following table lists the error messages for the check.

Table: Error messages for Current directory only at end of PATH

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_CURDIR Category: System Error	UNIX (5437)	Title: Current directory not last in path Description:The named user has defined a path that includes the current directory in a location other than at the end of the path. This is a security problem if the current directory for the user is set to a directory where other users have write access. The user can be "spoofed" when a common system command such as 'ls' is placed in that directory and executed instead of the system 'ls'. You should move the current directory to the end of the path where the PATH environment variable is set in the .login, .cshrc, or .profile script file for this user. Note that a null field in the path is equivalent to '.'.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_BOTH_CURDIR Category: System Error	UNIX (5456)	Title: User included for both current directory PATH checks Description:The named user was included by name lists for both of the security checks titled "Current Dir Allowed Only at End of PATH" and "Current Dir Not Allowed in PATH." This policy run applied the tougher standard of the Current directory not allowed in PATH check, but you should modify the name lists for future policy runs so that only one of these checks includes the listed user.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_CURDIR

Category: System Error

UNIX (5437)

Title: Current directory not last in path

Description:The named user has defined a path that includes the current directory in a location other than at the end of the path. This is a security problem if the current directory for the user is set to a directory where other users have write access. The user can be "spoofed" when a common system command such as 'ls' is placed in that directory and executed instead of the system 'ls'. You should move the current directory to the end of the path where the PATH environment variable is set in the .login, .cshrc, or .profile script file for this user. Note that a null field in the path is equivalent to '.'.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_BOTH_CURDIR

Category: System Error

UNIX (5456)

Title: User included for both current directory PATH checks

Description:The named user was included by name lists for both of the security checks titled "Current Dir Allowed Only at End of PATH" and "Current Dir Not Allowed in PATH." This policy run applied the tougher standard of the Current directory not allowed in PATH check, but you should modify the name lists for future policy runs so that only one of these checks includes the listed user.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]