
Run control scripts must not execute world writable programs or scripts.


Overview

Finding ID: V-216304
Version: SOL-11.1-020350
Rule ID: SV-216304r603267_rule
IA Controls:
Severity: Medium
Description
World writable files could be modified accidentally or maliciously to compromise system integrity.
STIG: Solaris 11 SPARC Security Technical Implementation Guide
Date: 2022-11-18

Details

Check Text (C-17540r371000_chk)
Check the permissions on the files or scripts executed from system startup scripts to see if they are world writable.

Create a list of all potential run command level scripts.

# ls -l /etc/init.d/* /etc/rc* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " "

Create a list of world writable files.

# find / -perm -002 -type f >> WorldWritableFileList

Determine if any of the world writable files in "WorldWritableFileList" are called from the run command level scripts.

Note: Depending upon the number of scripts vs. world writable files, it may be easier to inspect the scripts manually.

# more `ls -l /etc/init.d/* /etc/rc* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " "`

If any system startup script executes any file or script that is world writable, this is a finding.
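
The cross-reference step above can be scripted. The following is an added example, not part of the STIG text: the function names and the --scan flag are assumptions of this example, and it assumes a POSIX awk (on Solaris, /usr/xpg4/bin/awk or nawk).

```shell
#!/bin/sh
# Added example: automate the cross-reference step of the check.
# Function names and the --scan flag are assumptions of this example.
# Assumes a POSIX awk (on Solaris: /usr/xpg4/bin/awk or nawk).

# World-writable regular files under a root (same test as the page's find).
list_world_writable() {
    find "$1" -perm -002 -type f 2>/dev/null
}

# Regular files under the given run control paths, following symlinks.
list_rc_scripts() {
    find -L "$@" -type f 2>/dev/null | sort -u
}

# Print "script: line N: path" for each listed world-writable path that
# appears as a whole token on a non-comment line of a run control script.
find_ww_refs() {
    ww_list=$1; shift
    list_rc_scripts "$@" | while IFS= read -r script; do
        awk -v s="$script" '
            NR == FNR  { ww[$0] = 1; next }   # first file: the path list
            /^[ \t]*#/ { next }               # skip comment lines
            {
                n = split($0, tok, "[^A-Za-z0-9_./+-]+")
                for (i = 1; i <= n; i++)
                    if (tok[i] in ww) print s ": line " FNR ": " tok[i]
            }' "$ww_list" "$script"
    done | sort -u
}

# Full check: sh rc_ww_check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    list=$(mktemp) || exit 1
    list_world_writable / > "$list"
    find_ww_refs "$list" /etc/init.d /etc/rc*
    rm -f "$list"
fi
```

Only literal absolute paths are matched; programs reached through a variable or a PATH lookup still need the manual inspection described in the note above.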
Fix Text (F-17538r371001_fix)
Remove the world writable permission from programs or scripts executed by run control scripts.

Procedure:

# chmod o-w <file>