Protecting Access to the File System Using Logical Path and File (SAP Library

Protecting Access to the File System Using Logical Path and File Names

Some application programs allow access to files that are stored on the application or file servers in the network, and some of these programs allow the users to enter a logical or physical file name in their user interface. Unless some restrictions are made, this could lead to a user being able to access files in an area of the file system for the application server that is not intended for application files. This could result from a mistake, or it might be an intentional attack. Therefore, it makes sense for the program to check every access to files on the application server.

Identifying Affected Programs

The following graphic demonstrates the previous access procedure using the example program SAVE_PICTURES:

This graphic is explained in the accompanying text

To assist in protecting access to the file system, the application programs that access the file system in AS ABAP programs have been identified. A logical file name has been defined for each of these programs and stored in a Customizing table. This logical file name is checked at runtime when access to the file system is requested.

This graphic is explained in the accompanying text This check is not active by default since it is not possible for SAP to deliver a local description of customer-side system landscapes. Therefore, to allow for continuous operations, programs continue to run without calling the function module that is used to check for valid path and file names. However, you can configure the logging of accessed paths and file names in the Security Audit Log (transaction SM19) to determine where files are stored and accessed in your system landscape. Afterwards, you can maintain the physical path and filenames accordingly.

Activating the Check by Maintaining the Customizing Tables

Once you have determined which paths and files you use in your applications, activate the check by maintaining the corresponding physical paths and filenames in the Customizing table. By maintaining this information, you activate the check procedure, which is then called at runtime before the file can actually be accessed.

This graphic is explained in the accompanying text

Maintain the local file or path data using the transactions FILE and SFIL or by using the IMG activity Application Server ® System Administration ® Logical File Names.

The necessary information for the logical file name of a specific program delivered by SAP is stored in the table using transaction FILE. Use transaction SFIL to redefine this data in a client-specific way.

Recommended Procedure for Setting Up Secure Access

For an overview of which programs have predefined logical filenames, see SAP Note 1497003 and its related notes. Based on this information, you can decide which of these programs are relevant for being checked within your system installation. After importing the relevant support package(s), you can activate the Security Audit Log and configure it to record access to the file system. Let the application programs run for a while in “unchecked” mode and then evaluate the access paths that are recorded by the Security Audit Log. If you can see where the users of your system usually store their data, you can maintain the corresponding paths in the Customizing table and then activate the check to allow access to these paths only.