Check: OSX00275 M6
MACOSX 10.6:
OSX00275 M6
(in version v1 r3)
Title
The setuid bit from System Activity Reporting must be removed. (Cat II impact)
Discussion
Because attackers try to influence or co-opt the execution of setuid programs in order to try to elevate their privileges, there is benefit in removing the setuid bit from programs that may not need it. There is also benefit in restricting to administrators the right to execute a setuid program.
Check Content
Open a terminal session and enter the following command. ls -ld /usr/lib/sa/sadc Verify the file permissions are set to 555 or more restrictive. If not, this is a finding.
Fix Text
Open a terminal session and enter the following command. chmod 555 /usr/lib/sa/sadc
Additional Identifiers
Rule ID: SV-38239r1_rule
Vulnerability ID: V-25295
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
No controls are assigned to this check |