Solution : https://service.sap.com/sap/support/notes/1305851 (SAP Service marketplace login required)
Summary :
This SAP Note addresses problems related to the security settings of reg_info and sec_info files. Issues range from functional problems like parsing errors in releases 6.40 and 7.00, to security vulnerabilities such as potential bypassing of settings in these files. Each issue is categorized and designated by a prefix (S for security, F for functional). Corrective measures and references to related notes for solution methods are provided explicitly for each identified problem. The note covers a variety of scenarios from System Management Gateway transactions to kernel patch implications, advising updates or specific SAP notes that solve each issue.
Key words :
instance profile parameters gw/reg_info, release-dependent enhancement packages, full qualified host names, lower kernel/abap releases, securely starting external programs, purely positive list, suddenly reject definitions, access control list, parameters gw/reg_info, security-relevant entries
Related Notes :
| 1529849 | Gateway security setting in an SCS instance, AS Java |
| 1474615 | BEx Analyzer: Workbook is not opened |
| 1465129 | CANCEL registered programs |
| 1391655 | Authorized access to SAPFTP |
| 1391464 | Authorized access to SAPHTTP |
| 1313778 | Problems when starting external programs locally |
| 1298433 | Bypassing security in reginfo & secinfo |
| 1173528 | Problems in the files sec_info and reg_info |
| 1105897 | GW: reginfo and secinfo with permit and deny ACL |
| 1099426 | GW: "not authorized" due to sec_info entry |
| 1069911 | GW: Changes to the ACL list of the gateway (reginfo) |