SAP Knowledge Base Article - Preview

3738320 - rsbdcos0 allows unlogged os command run via “change current directory” (sm21 not updated)

Symptom

  • Using program RSBDCOS0 to run operating system commands is normally reflected in SM21, but commands appended in the “Change current directory” field using shell operators like “&&” run without appearing in SM21.
  • Example pattern: enter a path followed by “&& id && cat /etc/passwd”; the additional commands run while SM21 does not show a corresponding entry.
  • The output from such appended commands is not shown in the RSBDCOS0 list for the “change directory” action; the list updates only for the standard run function.
  • The appended commands are stored together with the path and can run again when items in the list are started, because a change-directory is implicitly concatenated.
  • In kernel snapshots (for example via work process snapshots), the full command chain may be visible under “Change working directory,” while SM21 does not show it.
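An added example, not SAP code and not part of the KBA: a Python check that splits a "Change current directory" value into its path and any commands chained after it, for reviewing values seen in work process snapshots or stored list entries. How those values are collected is assumed, and the function names and sample values are constructed for illustration.

```python
import re

# Shell control operators that end "cd <path>" and start another command.
_SEPARATORS = re.compile(r"&&|\|\||[;&|\n]")
# Substitution syntax that runs a command inside the path argument itself.
_SUBSTITUTION = re.compile(r"`|\$\(")


def audit_cd_value(value):
    """Classify one directory value: plain path, or path plus chained commands."""
    parts = [p.strip() for p in _SEPARATORS.split(value)]
    appended = [p for p in parts[1:] if p]
    has_separator = bool(_SEPARATORS.search(value))
    has_substitution = bool(_SUBSTITUTION.search(value))
    return {
        "path": parts[0],
        "appended": appended,            # commands chained after the path
        "substitution": has_substitution,
        # A directory name has no legitimate need for any of these tokens,
        # so the check is deliberately conservative and ignores quoting.
        "suspicious": has_separator or has_substitution,
    }


def flag_entries(values):
    """Return (value, audit result) pairs for every suspicious entry."""
    results = ((v, audit_cd_value(v)) for v in values)
    return [(v, r) for v, r in results if r["suspicious"]]


# Constructed sample values; the second follows the pattern quoted in the KBA.
SAMPLE_VALUES = [
    "/usr/sap/trans",
    "/usr/sap/trans && id && cat /etc/passwd",
    "/tmp/$(id)",
]

if __name__ == "__main__":
    for value, result in flag_entries(SAMPLE_VALUES):
        print(f"{value!r}: path={result['path']!r} appended={result['appended']}")
```
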



Environment

SAP NetWeaver Application Server for ABAP, ABAP Platform

Product

ABAP platform all versions; SAP NetWeaver Application Server for ABAP all versions; SAP S/4HANA all versions

Keywords

rsbdcos0, change current directory, sm21, system log, unlogged commands, os command, shell operator, &&, abap as, security, vulnerability, logging bypass, cd function, syslog, monitoring, KBA, BC-ABA-SC, Dynpro and CUA engine, Problem
