
Friday, September 7, 2012

Note 1520462 - Unauthorized call of operating system command


Summary

Symptom
A malicious user can execute an operating system command with a parameter string by calling a certain ABAP function, because that function does not perform any authorization check.
In SAP terminology, these calls are referred to as 'external programs' or 'external commands' (see also Note 677435).

Other terms
External programs, external commands

Reason and Prerequisites
This is caused by a design error.
A malicious user who is very familiar with SAP source code may recognize this security hole.



Solution
Import the Support Package or implement the correction instructions.

For technical reasons, you cannot extend the start of the validity of the correction instructions to older Support Packages. However, the problem described in this note exists from the outset in all releases.

When you implement these corrections, the authorization check that must be performed for external commands and external programs is also performed in the aforementioned function.
(For more information about the authorizations that are checked, see Notes 859104 and 854060.)
You will not notice any changes to the system behavior, apart from the following very unlikely exception:

When you start an external program as a step of a background job, the system now also checks whether the step user has system administrator authorization, that is, it checks authorization object S_RZL_ADM (field ACTVT = 01).
If the step user does not have this authorization, the job terminates with a relevant message in the job log and the external program is not executed.
For security reasons, the new authorization check is imperative.
The new check will probably have no effect on your existing batch jobs: by default the step user is the job scheduler, and an external program can only be scheduled as a job step if the job scheduler has system administrator authorization.

However, if there are batch jobs in your system with the following properties:

- the job has an external program as the job step
AND
- the step user of this step is not the job scheduler
AND
- this step user has no system administrator authorization

these jobs will terminate after you implement these correction instructions.
To identify such jobs, the program Z_FIND_JOBS_WITH_EXTPROG is attached to this note.
Execute this program. If it detects jobs with the properties mentioned above, change the step user of these jobs, or assign system administrator authorization to the step user.
After you have implemented the corrections, you can no longer create background jobs with the aforementioned properties.
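The following ABAP report is an added example; it is not code from this note and not SAP's corrected function. It shows how a custom program that starts an external command should apply the two checks the note describes: the S_RZL_ADM (ACTVT = 01) system administrator check that the correction adds for job steps, and the external-command authorization (S_LOG_COM, see Notes 859104 and 854060) that SXPG_COMMAND_EXECUTE performs for commands maintained in SM69. The report name Z_SAFE_EXTCMD_DEMO, the default command name ZDEMO_CMD and the exception list of SXPG_COMMAND_EXECUTE are assumptions; verify the function module interface in your own release.

```abap
*&---------------------------------------------------------------------*
*& Report Z_SAFE_EXTCMD_DEMO (added example, not part of Note 1520462)
*&---------------------------------------------------------------------*
* Wraps an external command call with the checks described in the note:
*  1. S_RZL_ADM with ACTVT = 01 (system administrator) for the caller
*  2. the command-level check (S_LOG_COM) done inside SXPG_COMMAND_EXECUTE
* Report name, command name and the SXPG_COMMAND_EXECUTE exception list
* are assumptions for this example.
REPORT z_safe_extcmd_demo.

PARAMETERS: p_cmd  TYPE sxpgcolist-name DEFAULT 'ZDEMO_CMD',
            p_parm TYPE sxpgcolist-parameters.

START-OF-SELECTION.
  PERFORM run_external_command USING p_cmd p_parm.

FORM run_external_command USING iv_cmd  TYPE sxpgcolist-name
                                iv_parm TYPE sxpgcolist-parameters.
  DATA: lv_status   TYPE extcmdexex-status,
        lv_exitcode TYPE extcmdexex-exitcode,
        lt_protocol TYPE STANDARD TABLE OF btcxpm,
        ls_line     TYPE btcxpm.

  " Check 1: the administrator check the note adds for external programs.
  " Without it the user is refused before any OS command is touched.
  AUTHORITY-CHECK OBJECT 'S_RZL_ADM'
    ID 'ACTVT' FIELD '01'.
  IF sy-subrc <> 0.
    MESSAGE 'No system administrator authorization (S_RZL_ADM, ACTVT 01)'
      TYPE 'E'.
  ENDIF.

  " Check 2 happens inside SXPG_COMMAND_EXECUTE: only commands defined in
  " SM69 can run, and the user needs S_LOG_COM for command, OS and host.
  " Never call the OS directly with a user-supplied string; pass the
  " command name and let the framework validate the parameters.
  CALL FUNCTION 'SXPG_COMMAND_EXECUTE'
    EXPORTING
      commandname               = iv_cmd
      additional_parameters     = iv_parm
      operatingsystem           = sy-opsys
    IMPORTING
      status                    = lv_status
      exitcode                  = lv_exitcode
    TABLES
      exec_protocol             = lt_protocol
    EXCEPTIONS
      no_permission             = 1
      command_not_found         = 2
      parameters_too_long       = 3
      security_risk             = 4
      program_start_error       = 5
      program_termination_error = 6
      OTHERS                    = 7.

  CASE sy-subrc.
    WHEN 0.
      WRITE: / 'Command finished, status', lv_status,
               'exit code', lv_exitcode.
      LOOP AT lt_protocol INTO ls_line.
        WRITE / ls_line-message.
      ENDLOOP.
    WHEN 1.
      " S_LOG_COM check failed: record it, do not fall back to a direct call.
      WRITE / 'No authorization for this external command (S_LOG_COM).'.
    WHEN 4.
      " The framework rejected the parameter string (e.g. shell metacharacters).
      WRITE / 'Parameter string rejected as a security risk.'.
    WHEN OTHERS.
      WRITE: / 'External command failed, sy-subrc =', sy-subrc.
  ENDCASE.
ENDFORM.
```

Run the report in a test system once with a user that lacks S_RZL_ADM ACTVT 01 and once with one that lacks S_LOG_COM for the chosen command; both runs must end without the command being started, which is exactly the behavior the note restores for the affected function and for background job steps.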

Header Data

Release Status: Released for Customer
Released on: 08.02.2011
Master Language: German
Priority: HotNews
Category: Program error
Primary Component: BC-CCM-BTC-EXT External and Logical Commands
