Due to the recent acquisition by IBM, the Adabas & Natural Ideas Portal does not contain ideas from products ApplinX and EntireX any longer. Please refer to the IBM Ideas Portal for these products from now on (IBMid required). Existing content will be migrated during the next few weeks.
Add a new idea Subscribe
Status New
Workspace Natural for Linux and Cloud
Categories Security
Created by Slawomir Borzymowski
Created on Oct 14, 2024

RELATED IDEAS

Eliminate Natural vulnerability for impersonation

Natural can be easily cheated by the tool called fakeroot.

It can be used to change environment variable UID, which is read by Natural to set *INIT-USER variable. Natural gets UID different from user that is logged in linux and If AUTO=ON is also set, one can impersonate any user known to NSC.

The idea is that Natural should get User ID from other source than UID. Just like mail application does - even after changing UID it stil knows the original user logged to linux.

This is very important security issue.

The Adabas & Natural by Software AG Ideas Portal is hosted by Aha! Labs Inc.. Therefore, personally identifiable information are processed by Aha! Labs Inc., a company based in the United States of America. By using this Ideas Portal you agree to the Terms of Service of Aha! Labs Inc.. For further information about Aha’s handling of your personally identifiable information, please go to: https://www.aha.io/legal/security/gdpr.