The setuid bit from Remote Access shell (unsecure) must be removed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25294 | OSX00270 M6 | SV-38238r1_rule | ECCD-1 ECCD-2 | Medium |
| Description |
|---|
| Because attackers try to influence or co-opt the execution of setuid programs in order to try to elevate their privileges, there is benefit in removing the setuid bit from programs that may not need it. There is also benefit in restricting to administrators the right to execute a setuid program. |
| STIG | Date |
|---|---|
| MAC OSX 10.6 Workstation Security Technical Implementation Guide | 2013-04-09 |
Details
| Check Text ( C-37701r1_chk ) |
|---|
| Open a terminal session and enter the following command. ls -ld /usr/bin/rsh Verify the file permissions are set to 555 or more restrictive. If not, this is a finding. |
| Fix Text (F-32942r1_fix) |
|---|
| Open a terminal session and enter the following command. chmod 555 /usr/bin/rsh |