
Device files and directories must only be writable by users with a system account or as configured by the vendor.


Overview

Finding ID: V-924
Version: GEN002280
Rule ID: SV-924r2_rule
IA Controls: ECCD-1, ECLP-1, ECCD-2
Severity: Medium
Description
System device files in writable directories could be modified, removed, or used by an unprivileged user to control system hardware.
STIG: SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE
Date: 2015-10-01

Details

Check Text (C-465r2_chk)
Find all device files existing anywhere on the system.

Procedure:
# find / -type b -print > devicelist
# find / -type c -print >> devicelist

Check the permissions on the directories above subdirectories containing device files. If any of the device files or their parent directories is world-writable, excepting device files specifically intended to be world-writable, such as /dev/null, this is a finding.
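
The procedure above stops once devicelist is built. The following added example (not part of the STIG text) shows one way to test each listed file and its immediate parent directory for the world-write bit. The function names and the EXCEPTIONS variable are assumptions, and it expects a POSIX shell (on Solaris, /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh).

```shell
#!/bin/sh
# Added example: flag world-writable entries in the devicelist file
# produced by the two find commands in the check procedure.

# Assumption: space-separated devices approved to be world-writable.
# The page names only /dev/null; extend per vendor documentation.
EXCEPTIONS="${EXCEPTIONS:-/dev/null}"

# True when "other" has write permission. In the ls -ld mode string
# (e.g. crw-rw-rw-), character 9 is the other-write bit.
world_writable() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        ????????w*) return 0 ;;
        *)          return 1 ;;
    esac
}

# True when the path is on the exception list.
is_exception() {
    for e in $EXCEPTIONS; do
        [ "$e" = "$1" ] && return 0
    done
    return 1
}

# check_devicelist FILE
# Prints "FILE <path>" for each non-excepted world-writable device file
# and "DIR <path>" for each world-writable immediate parent directory.
check_devicelist() {
    while IFS= read -r dev; do
        [ -n "$dev" ] || continue
        if world_writable "$dev" && ! is_exception "$dev"; then
            echo "FILE $dev"
        fi
        parent=$(dirname "$dev")
        if world_writable "$parent"; then
            echo "DIR $parent"
        fi
    done < "$1" | sort -u
}

# Run against a list given on the command line, e.g. ./script devicelist
if [ $# -gt 0 ]; then
    check_devicelist "$1"
fi
```

Any output line is a candidate finding; an empty result means no listed device file or parent directory grants write access to other.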
Fix Text (F-1078r3_fix)
Remove the world-writable permission from the device file(s).

Procedure:
# chmod o-w <device file>

Document all changes.