UCF STIG Viewer Logo

The .Xauthority files must not have extended ACLs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22446 GEN005190 SV-26710r1_rule ECLP-1 Medium
Description
.Xauthority files ensure the user is authorized to access that specific X Windows host. Extended ACLs may permit unauthorized modification of these files, which could lead to Denial of Service to authorized access or allow unauthorized access to be obtained.
STIG Date
SOLARIS 9 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-10-01

Details

Check Text ( C-27716r1_chk )
Check the file permissions for the .Xauthority files.
# ls -lL .Xauthority
If the permissions include a "+", the file has an extended ACL and this is a finding.
Fix Text (F-23951r1_fix)
Remove the extended ACL from the file.
# getfacl .Xauthority
Remove each ACE returned.
# setfacl -d [ACE] .Xauthority