An error occurred:

Check: GEN002440

IRIX 6.5: GEN002440 (in versions v1 r1 through v1 r0.76)

Title

The owner, group-owner, mode, ACL, and location of files with the setgid bit set must be documented using site-defined procedures. (Cat II impact)

Discussion

All files with the setgid bit set will allow anyone running these files to be temporarily assigned the GID of the file. While many system files depend on these attributes for proper operation, security problems can result if setgid is assigned to programs that allow reading and writing of files, or shell escapes.

Check Content

Locate all setgid files on the system. Procedure: # find / -perm -2000 -exec ls -lLd {} \; 2>/dev/null If the ownership, permissions, location, and ACLs of all files with the setgid bit set are not documented, this is a finding.

Fix Text

All files with the setgid bit set will be documented in the system baseline and authorized by the Information Systems Security Officer. Locate all setgid files with the following command. find / -perm -2000 -exec ls -lLd {} \; Ensure setgid files are part of the operating system software, documented application software, documented utility software, or documented locally developed software. Ensure none are text files or shell programs.

Additional Identifiers

Rule ID:

Vulnerability ID: V-802

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000368

The organization documents any deviations from the established configuration settings for organization-defined information system components based on organization-defined operational requirements.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings