|
Initiation responsibility: IT Security Management, Administrators
Implementation responsibility: Administrator, IT users
It must be ensured that only approved versions of executable files and no modified versions that may have been introduced (especially Trojan Horses) are called up.
Therefore, the current directory (.) should not be included as a path in the PATH variable. Executable files should be contained only in the directories intended for the purpose. Only the owner may have write access to the directories contained in a PATH variable. This should be regularly checked. In Unix systems with an IFS variable, this should be set at the standard value ( space, tab and newline) and, in particular, must not be set at"/".
Additional controls:
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
last update: Januar 2000 |