If the user has the file-system-rights to delete the file, securing pipe would be of no use, because he/she could just use the fdelete function.

file pipe can be disabled entirely using the -noxcmd start up option, in facts, that's the default in most configurations. It's a difficult topic, XCMDs bring very significant and powerful capabilities, but Spiderman allies (great power, great responsibilities).

You can basically do whatever your user account is allowed to do, and if that means file deleting, you can.

So, it throws a focus on to the SAS environment being properly configured and setup, that end users DO NOT have permissions to write and delete inside the SAS configuration directory, etc.

Perhaps the greatest risk is that mistakes can happen, a bit of code to "delete files"  is fine when you use it as intended on "your" files, but the day you pass it a blank "directory" value, it ends up working on a directory you didn't intend, and merrily deletes everyone else's files.

Completely agreed with you on this 😃

That's why I wanted to know if there is a way to secure it (without disabling it lol)

The fdelete is only usefull if we know the full path, by default everything is partitionned here and each group of user can see the files they are supposed to see.

If I can see C:\Dir\File2Delete.txt then ofc I dont need to use weird way to delete it.

The main problem here is thanks to the piping, I can see the files I am not supposed to see, it also means that I know the full path name which can become the arg for my deletion (with fdelete or not) 😃

If you do not want that users have access to certain files, you need to properly set permissions on the operating system level. As long as users have a system account, they can use that outside of SAS to wreck your day (if you are the system admin, and were sloppy).

Thank you all for your kind replies 😃

I was not clear sorry ; I am only a regular user, I am not an administrator and have thus no actions on the server in terms of settings.

The current environnement :

• OS = WIN (X64_SRV12)
• SAS = 9.04.01M3P062415

Via Windows Explorer (even via dos command), the differents properties level are good - I can only access, read or write the files/directories that I am supposed to.

Same for SAS Guide Explorer, the partitioning of the differents files are good, I can only see/manipulate what I am supposed to see/manipulate

And the problem occurs with the piping... I can read full path filename then with a CP command, I can grab everything I want, I can even delete and all of this via piping command injection.

I have to report this problem to the administrators, but before to do it, I am here to know if there is any way to secure without disabling the piping (because I need the piping...)

Why I need it ? Because I want to dynamically mount a network disk that is not mounted by default, to work on it (maybe there is a specific function/command on SAS?)

I do it with these instructions 

filename
	&fileDesc. pipe
	"@echo off & NET USE T: /DELETE /Y & NET USE T: \\XXXX\ZZZ"
	lrecl=32767;
%diskScan(&fileDesc., diskName = T);

Thank you again in any case ^^

o(  ^   ^  )o Cheers!!! o(  ^   ^  )o

With Windows, you can usually just use the UNC, no need to mount it in order to be able to access it.

So, you can use  "\\xxxx\zzz\thefile.txt" as the path to the file, in an import for instance.

Thank you, but...

As I got some “unc path not supported” as errors, I gave up and finaly used the simplest and also fastest way; to mount a virtual network disk which is only existed during the session SAS

But yes, I firstly tried with UNC directly 😃

Well, if it won't work implicitly, you've got no choice. Odd though.

lol yes, if the server works well it will be easier for the rest of the world ^^