Title

The owner, group owner, mode, ACL, and location of files with the setgid bit set must be documented using site-defined procedures. (Cat II impact)

Discussion

All files with the setgid bit set will allow anyone running these files to be temporarily assigned the GID of the file. While many system files depend on these attributes for proper operation, security problems can result if setgid is assigned to programs that allow reading and writing of files, or shell escapes.

Check Content

Locate all setgid files on the system. Procedure: # find / -perm -2000 If the ownership, permissions, location, and ACLs of all files with the setgid bit set are not documented, this is a finding.

Fix Text

All files with the sgid bit set will be documented in the system baseline and authorized by the Information Systems Security Officer. Locate all sgid files with the following command: #find / -perm -2000 -exec ls -lL {} \; # find / -perm -2000 -exec aclget {} \; Ensure sgid files are part of the operating system software, documented application software, documented utility software, or documented locally developed software. Ensure none are text files or shell programs.

Additional Identifiers

Rule ID: SV-38945r1_rule

Vulnerability ID: V-802

Group Title: GEN002440

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.