Ensure that Root's Path Does Not Include Relative Paths or Null Directories

An XCCDF Rule

Details
Profiles
Prose

Description

Ensure that none of the directories in root's path is equal to a single . character, or that it contains any instances that lead to relative path traversal, such as .. or beginning a path without the slash (/) character. Also ensure that there are no "empty" elements in the path, such as in these examples:

PATH=:/bin
PATH=/bin:
PATH=/bin::/sbin

These empty elements have the same effect as a single . character.

Rationale

Including these entries increases the risk that root could execute code from an untrusted location.

ID: xccdf_org.ssgproject.content_rule_root_path_no_dot
Severity: Unknown
References: 11 3 9

BAI10.01 BAI10.02 BAI10.03 BAI10.05

CCI-000366

4.3.4.3.2 4.3.4.3.3

SR 7.6

A.12.1.2 A.12.5.1 A.12.6.2 A.14.2.2 A.14.2.3 A.14.2.4

CM-6(a) CM-6(a)

PR.IP-1
Updated: about 1 year ago