
Users Can Execute Commands Not Allowed In Policy By Adding A Newline Character. (Doc ID 2231413.1)

Last updated on APRIL 19, 2021

Applies to:

Oracle Privileged Account Manager - Version and later
Information in this document applies to any platform.


Users can bypass the allow list and deny list command policies by adding a newline character to their command line.

In the following example, the usage policy allow list commands do not include the "ls" command.

When a user enters the "ls -lart" command, it shows "Not allowed" as expected. However, if the user then copies the entire line (with blank space) and pastes it into the OPAMSH# prompt, the command is executed.

OPAMSH# ls -lart
ls -l -lart : Not allowed
OPAMSH# ls -lart
ls -l -lart : Not allowedls -lart
total 40
-rw-r--r-- 1 user group 6 May 11 2015 testfile1
-rw-r--r-- 1 user group 6 May 11 2015 testfile2
-rw------- 1 user group 708 May 11 2015 .viminfo
drwx------ 5 user group 4096 May 11 2015 .
-rw------- 1 user group 1410 Jan 10 02:07 .bash_history
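
The transcript above shows a policy decision and the executed command diverging once a line terminator is present in the input. The following is an added example, not Oracle's code and not part of this document: a Python sketch of a command gate that rejects control characters before the policy check and returns the exact argv to run. The allow list contents and the names vet_command, decision and PolicyViolation are assumptions made for illustration.

```python
import re
import shlex

# Hypothetical allow list; the page states only that "ls" is not on it.
ALLOWED_COMMANDS = {"pwd", "whoami", "id"}

# C0 controls (incl. \n, \r, tab, NUL, ESC), DEL, and Unicode line separators.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")


class PolicyViolation(Exception):
    """Raised when input must not reach the command executor."""


def vet_command(raw: str) -> list[str]:
    """Return the argv to execute, or raise PolicyViolation.

    The caller executes exactly the returned argv (no shell), so the
    string that was checked and the command that runs cannot diverge.
    """
    # Strip spaces only: a newline carried in by a paste is treated as
    # a violation rather than being silently discarded.
    candidate = raw.strip(" ")
    match = CONTROL_CHARS.search(candidate)
    if match:
        raise PolicyViolation(
            f"control character {match.group()!r} at offset {match.start()}")
    try:
        argv = shlex.split(candidate)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise PolicyViolation(f"unparseable input: {exc}") from exc
    if not argv:
        raise PolicyViolation("empty command")
    if argv[0] not in ALLOWED_COMMANDS:
        raise PolicyViolation(f"{argv[0]}: Not allowed")
    return argv


def decision(raw: str) -> str:
    """Audit-friendly wrapper: 'ALLOW <argv>' or 'DENY <reason>'."""
    try:
        return "ALLOW " + repr(vet_command(raw))
    except PolicyViolation as exc:
        return "DENY " + str(exc)
```

Logging the DENY reason with the offset of the control character gives reviewers a record of pasted multi-line input even when the command itself is on the allow list.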

