Solution : https://service.sap.com/sap/support/notes/618516 (SAP Service marketplace login required)
Summary :
This SAP Note clarifies the need to secure RFCEXEC or RFCEXEC.EXE, the external RFC server programs that can interact with the operating system through the SAP system. Because of their widespread unintended productive use, enhanced access control was introduced in RFCSDK version 6.20 patch 35. Key enhancements include a logon handler that supervises RFC calls based on connection type, user, client, and SNC name. In addition, the RFC_REMOTE_EXEC and RFC_REMOTE_PIPE functions are now restricted so that certain operating system commands can be prevented. Access rules are defined in the 'rfcexec.sec' file, which should be stored securely and managed according to the administrator's guidance.
Key words :
snc-saved rfc communication, connection type specification makes, forbidden operating system statements, allowed operating system commands, dynamically linked rfcexec program, sec' operating system file, rfc_remote_pipe rfc-enabled functions, exe rfc server program, operating system statements, prevent unwanted statements
Related Notes :
1140031 | Security Note: rfcexec/startrfc Used in File Interfaces |
1105897 | GW: reginfo and secinfo with permit and deny ACL |
1069911 | GW: Changes to the ACL list of the gateway (reginfo) |
735402 | Editing the rfcexec.sec file with the vi editor on Unix |
676938 | Known problems with the RFCEXEC program |