UCF STIG Viewer Logo

User start-up files must not execute world-writable programs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4087 GEN001940 SV-37433r3_rule Medium
Description
If start-up files execute world-writable programs, especially in unprotected directories, they could be maliciously modified to become trojans that destroy user files or otherwise compromise the system at the user, or higher, level. If the system is compromised at the user level, it is much easier to eventually compromise the system at the root and network level.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2017-03-01

Details

Check Text ( C-36012r7_chk )
Determine the world writable files on the system (Note: ignore all files under /proc):

# find / -perm -002 -a -type f -exec ls -ld {} \; |

# find / -perm -002 -a -type d -exec ls -ld {} \; |

View the password file to determine where the home directories for users are:

# more /etc/passwd

Once the directory for the human users is determined, grep for the lists of world writable files and directories within the users’ home directories.

An example would be:
# grep /opt/app/bin/daemon /home/*/.*

where /home is the directory for the human users on the system and /opt/app/bin/daemon is a world writable file.
Fix Text (F-31263r2_fix)
Remove the world-writable permission of files referenced by local initialization scripts, or remove the references to these files in the local initialization scripts.