Title

The "at" daemon must not execute programs in, or subordinate to, world-writable directories. (Cat II impact)

Discussion

If "at" programs are located in or subordinate to world-writable directories, they become vulnerable to removal and replacement by malicious users or system intruders.

Check Content

List any "at" jobs on the system. Procedure: # ls /var/spool/cron/atjobs For each "at" job, determine which programs are executed. Procedure: # more <at job file> Check the directory containing each program executed by "at" for world-writable permissions. Procedure: # ls -la <at program file directory> If "at" executes programs in world-writable directories, this is a finding.

Fix Text

Remove the world-writable permission from directories containing programs executed by "at". Procedure: # chmod o-w <at program directory>

Additional Identifiers

Rule ID: SV-226865r603265_rule

Vulnerability ID: V-226865

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.