Known problems with reg_info and sec_info
Symptom
This note lists known problems that occur in connection with the security settings of the files reg_info and sec_info. If required, this note also refers you to other notes that deal with a particular problem. For general information about using these files, also read Note 1069911.
1.) Entries for HOST and USER-HOST may be unreadable in Releases 640 and 7.00.
2.) An error that occurs in kernel 6.40 has the effect that an incorrect address mask is calculated if wildcards are used in the IP addresses or if the suffix “/X” is used. For this reason, accesses are permitted that should be prevented. In addition, the gateway may terminate due to signal 11 in the function NiStrToAddrMask.
3.) Enhancement to the functions: Up to now, the entries in the files, which were determined using the instance profile parameters gw/reg_info and gw/sec_info, were a purely positive list. This meant that the system checked only the entries that were specified in the files. If the system could not find a suitable entry, it rejected any attempt to execute or register the program.
4.) The separator for an entry in the sec_info file (this controls which programs are allowed to be started, see Note 110612) is a comma. The end of the line can be closed with a semicolon. However, if you close the end of the line with a semicolon, the semicolon is included when the string is calculated; this is due to an error during parsing. This leads to “Not authorized” entries in the dev_rd file.
5.) After you apply a kernel patch in Release 640 and Release 700, the system may suddenly reject definitions in the files sec_info and reg_info (for more information, see Note 1105897). However, this occurs only if fully qualified host names are defined in sec_info and reg_info.
6.) The settings for the files reginfo and secinfo can be bypassed, so that programs that are not permitted can also communicate with the gateway.
7.) If you specify HOST = 127.0.0.1, problems may occur when external programs are started locally.
Other terms
reg_info, reginfo, sec_info, secinfo, gw/reg_info, gw/sec_info, access control list (ACL)
Reason and Prerequisites
Reason:
These problems are caused by several program errors.
Prerequisite:
You have used the parameters gw/reg_info and gw/sec_info to activate files for securely starting external programs.
Solution
Regarding problem 1.)
Entries for HOST and USER-HOST may be unreadable in Releases 6.40 and 7.00. This is corrected in the following patch levels:
640: 212
700: 139
Regarding problem 2.)
This problem occurs only in kernel Release 640. It is corrected in patch level 261.
Regarding problem 3.)
See Note 1105897.
Regarding problem 4.)
This problem affects only the file sec_info. See Note 1099426.
Regarding problem 5.)
See Note 1173528.
Regarding problem 6.)
See Note 1298433.
Regarding problem 7.)
See Note 1313778.
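
The following lint flags entries written in the forms that problems 2, 4, 5 and 7 depend on, so they can be checked against the kernel patch levels and notes listed above. It is an added example, not SAP code; the USER and TP keys, the sample values and the function names are assumptions, and only the comma-separated layout with HOST and USER-HOST comes from this note.

```python
import re

# Constructed sample entries (comma-separated, optional trailing semicolon).
SAMPLE = """\
USER=*, HOST=10.1.*.*, TP=/usr/sap/exe/prog1
USER=batch, HOST=10.2.0.0/16, TP=prog2;
USER=*, USER-HOST=app01.example.com, HOST=app02, TP=prog3
USER=*, HOST=127.0.0.1, TP=prog4
"""

HOST_KEYS = ("HOST", "USER-HOST")
# Dotted address, wildcards allowed, optional "/X" suffix.
IP_PATTERN = re.compile(r"[\d*]+(\.[\d*]+){3}(/\d+)?")


def parse_entry(line):
    """Split one entry on commas into a {KEY: value} dict, values kept verbatim."""
    fields = {}
    for part in line.split(","):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip().upper()] = value.strip()
    return fields


def check_line(line):
    """Return the problem numbers from this note that the entry's form relates to."""
    findings = set()
    entry = line.strip()
    if entry.endswith(";"):
        findings.add(4)  # closing semicolon ends up in the last value
    for key, value in parse_entry(entry.rstrip(";")).items():
        if key not in HOST_KEYS:
            continue
        if IP_PATTERN.fullmatch(value):
            if "*" in value or "/" in value:
                findings.add(2)  # wildcard or /X suffix in an IP address
            if key == "HOST" and value == "127.0.0.1":
                findings.add(7)  # HOST = 127.0.0.1
        elif "." in value:
            findings.add(5)      # fully qualified host name
    return sorted(findings)


def audit(text):
    """Map line number -> problem numbers for every entry that needs review."""
    results = {}
    for number, line in enumerate(text.splitlines(), 1):
        found = check_line(line) if line.strip() else []
        if found:
            results[number] = found
    return results
```

A finding means only that the entry has the form a problem depends on; whether the problem applies is decided by the release and patch level given under the matching "Regarding problem" heading.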