Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-91619 | AIX7-00-003016 | SV-101717r1_rule | Medium |
Description |
---|
The ldd command provides a list of dependent libraries needed by a given binary, which is useful for troubleshooting software. Instead of parsing the binary file, some ldd implementations invoke the program with a special environment variable set, which causes the system dynamic linker to display the list of libraries. Specially crafted binaries can specify an alternate dynamic linker which may cause a program to be executed instead of examined. If the program is from an untrusted source, such as in a user home directory, or a file suspected of involvement in a system compromise, unauthorized software may be executed with the rights of the user running ldd. |
STIG | Date |
---|---|
IBM AIX 7.x Security Technical Implementation Guide | 2019-04-29 |
Check Text ( C-90773r3_chk ) |
---|
Consult vendor documentation concerning the "ldd" command. If the command provides protection from the execution of untrusted executables, this is not a finding. Determine the location of the system's "ldd" command: # find / -name ldd If no file exists, this is not a finding. Check the permissions of the found "ldd" file: # ls -lL ---------- 1 bin bin 6289 Feb 28 2017 /usr/bin/ldd If the file mode of the file is more permissive than "0000", this is a finding |
Fix Text (F-97817r1_fix) |
---|
Disable the "ldd" command by removing its permissions using command: # chmod 0000 |