The designer will ensure the application executes with no more privileges than necessary for proper operation.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6143	APP3500	SV-6143r1_rule	ECLP-1	Medium

Description
An application with unnecessary access privileges can give an attacker access to the underlying operating system.

STIG	Date
Application Security and Development STIG	2014-04-03

Details

Check Text ( C-3671r1_chk )
Identify the application user account(s) that the application uses to run. These accounts include the application processes (defined by Control Panel Services (Windows) or ps –ef (UNIX)) or for an n-tier application, the account that connects from one service (such as a web server) to another (such as a database server). Determine the user groups in which each account is a member. List the user rights assigned to these users and groups and evaluate whether any of them are unnecessary. 1) If the rights are unnecessary, it is a finding. 2) If the account is a member of the Administrators group (Windows) or has a User Identification (UID) of 0 (i.e., is equivalent to root in UNIX), it is a finding. 3) If this account is a member of the SYSAdmin fixed server role in SQL Server, it is a finding. 4) If the account has DDL (Data Definition Language) privileges (create, drop, alter), or other system privileges, it is a finding. Search the file system to determine if these users or groups have ownership or permissions to any files or directories. Review the list of files and identify any that are outside the scope of the application. 5) If there are such files outside the scope of the application, it is a finding. Check ownership and permissions; identify permissions beyond the minimum necessary to support the application. 6) If there are instances of unnecessary ownership or permissions, it is a finding. The finding details should note the full path of the file(s) and the associated issue (i.e., outside scope, permissions improperly granted to user X, etc.). 7) If the target is a .NET application that executes with least privileges using code access security (CAS), this is not a finding.

Check Text ( C-3671r1_chk )

Identify the application user account(s) that the application uses to run. These accounts include the application processes (defined by Control Panel Services (Windows) or ps –ef (UNIX)) or for an n-tier application, the account that connects from one service (such as a web server) to another (such as a database server).

Determine the user groups in which each account is a member. List the user rights assigned to these users and groups and evaluate whether any of them are unnecessary.

1) If the rights are unnecessary, it is a finding.

2) If the account is a member of the Administrators group (Windows) or has a User Identification (UID) of 0 (i.e., is equivalent to root in UNIX), it is a finding.

3) If this account is a member of the SYSAdmin fixed server role in SQL Server, it is a finding.

4) If the account has DDL (Data Definition Language) privileges (create, drop, alter), or other system privileges, it is a finding.

Search the file system to determine if these users or groups have ownership or permissions to any files or directories.

Review the list of files and identify any that are outside the scope of the application.

5) If there are such files outside the scope of the application, it is a finding.

Check ownership and permissions; identify permissions beyond the minimum necessary to support the application.

6) If there are instances of unnecessary ownership or permissions, it is a finding.

The finding details should note the full path of the file(s) and the associated issue (i.e., outside scope, permissions improperly granted to user X, etc.).

7) If the target is a .NET application that executes with least privileges using code access security (CAS), this is not a finding.

Fix Text (F-4447r1_fix)
Modify the application to remove unnecessary privileges.