Sidebar: AIXceptions

AIX 3.2 does not allow use of the PATH in an execvp if the program is setuid. Altering the PATH has no effect for setuids -- you will always receive the system-defined PATH from /etc/environment. AIX also does not allow a script running under an effective user id to properly use file permissions within tests. For example, even if a file has a mode of 777, a setuid script using suFirewall will not be able to properly test it for read, write, execute, etc. (the test always returns false!).

You can solve the latter problem by using the realdo program described in the article text. Solving the PATH problem requires having the environment variable contain just the Secured Directory path. Any nested call to a program contained within the Secured Directory will have to be fully qualified using this environment variable. While this is a nuisance, it is better than having to fully qualify every command, both the secured and the non-secured. You should also replace the execvp command with an execv command within the suFirewall program, where the program name is fully qualified with the Secured Directory path.