ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the userβs own CLASSPATH directories before the systemβs directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class.