
Device files and directories must only be writable by users with a system account or as configured by the vendor.


Overview

Finding ID: V-924
Version: GEN002280
Rule ID: SV-63229r3_rule
IA Controls: (none listed)
Severity: Medium

Description
System device files in writable directories could be modified, removed, or used by an unprivileged user to control system hardware.

STIG: Oracle Linux 5 Security Technical Implementation Guide
Date: 2020-02-25

Details

Check Text ( C-51941r3_chk )
Find all world-writable device files existing anywhere on the system.

Procedure:
# find / -perm -2 -a \( -type b -o -type c \) > devicelist

Check the permissions on the directories above subdirectories containing device files.

If any of the device files or their parent directories are world-writable, excepting device files specifically intended to be world-writable such as /dev/null, this is a finding.

These world-writable files on installation are intended to be world-writable:

/dev/full
/dev/null
/selinux/null
/dev/ptmx
/dev/random
/dev/tty
/dev/vsock
/dev/zero
/dev/log
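The following script is an added audit helper, not part of the STIG text: it runs the same find command as the check procedure, drops the nine vendor-intended world-writable devices listed above, and walks up from each remaining device file to report any world-writable directory above it. It assumes it is run as root on a Linux host with POSIX find, dirname and sort available; the function names and the use of a command substitution instead of the devicelist file are this example's own choices.

```shell
#!/bin/sh
# Added example for GEN002280 (not the STIG's own code).
# Assumptions: run as root; POSIX find/dirname/sort; ALLOWED is the
# page's list of devices intended to be world-writable on installation.

ALLOWED="/dev/full /dev/null /selinux/null /dev/ptmx /dev/random /dev/tty /dev/vsock /dev/zero /dev/log"

# is_allowed PATH: succeed if PATH is a vendor-intended world-writable device.
is_allowed() {
    for a in $ALLOWED; do
        [ "$1" = "$a" ] && return 0
    done
    return 1
}

# is_world_writable PATH: succeed if PATH itself has the "other write" bit.
# -prune keeps find from descending, so only PATH is tested.
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -2 -print 2>/dev/null)" ]
}

# ancestors PATH: print every directory above PATH, nearest first, up to /.
ancestors() {
    d=$(dirname "$1")
    printf '%s\n' "$d"
    while [ "$d" != "/" ] && [ "$d" != "." ]; do
        d=$(dirname "$d")
        printf '%s\n' "$d"
    done
}

# flag_devices: read world-writable device paths on stdin; print the ones
# that are not in the permitted list, one finding per line.
flag_devices() {
    while IFS= read -r p; do
        if ! is_allowed "$p"; then
            printf 'DEVICE %s\n' "$p"
        fi
    done
}

# flag_dirs: read device paths on stdin; print each distinct world-writable
# directory above any of them (a world-writable /dev is a finding even when
# the device node itself is permitted).
flag_dirs() {
    while IFS= read -r p; do
        ancestors "$p"
    done | sort -u | while IFS= read -r d; do
        if is_world_writable "$d"; then
            printf 'DIR %s\n' "$d"
        fi
    done
}

# audit_devices [ROOT]: the page's find command over ROOT (default /),
# followed by both checks. Every output line is a candidate finding.
audit_devices() {
    root=${1:-/}
    list=$(find "$root" -perm -2 -a \( -type b -o -type c \) 2>/dev/null || true)
    [ -n "$list" ] || return 0
    printf '%s\n' "$list" | flag_devices
    printf '%s\n' "$list" | flag_dirs
}

# Only run the full audit when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_devices "$1"
fi
```

Run it as `sh audit.sh /` on the host; each DEVICE line is a device file to fix with `chmod o-w`, and each DIR line is a directory above a device file that needs its world-writable bit removed as well. A device file that appears in neither the output nor the permitted list is not a finding under this rule.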
Fix Text (F-53799r3_fix)
Remove the world-writable permission from the device file(s).

Procedure:

# chmod o-w <device-file>

Document all changes.