{"description": "Ensure that none of the directories in root's path is equal to a single\n<tt>.</tt> character, or\nthat it contains any instances that lead to relative path traversal, such as\n<tt>..</tt> or beginning a path without the slash (<tt>/</tt>) character.\nAlso ensure that there are no \"empty\" elements in the path, such as in these examples:\n<pre>PATH=:/bin\nPATH=/bin:\nPATH=/bin::/sbin</pre>\nThese empty elements have the same effect as a single <tt>.</tt> character.", "rationale": "Including these entries increases the risk that root could\nexecute code from an untrusted location.", "severity": "unknown", "references": {"cis-csc": ["11", "3", "9"], "cobit5": ["BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05"], "isa-62443-2009": ["4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 7.6"], "iso27001-2013": ["A.12.1.2", "A.12.5.1", "A.12.6.2", "A.14.2.2", "A.14.2.3", "A.14.2.4"], "nist": ["CM-6(a)", "CM-6(a)"], "nist-csf": ["PR.IP-1"], "cis": ["5.4.2.5"]}, "control_references": {"cis": ["5.4.2.5"]}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-session/root_paths/root_path_no_dot/rule.yml", "template": null}