Check: SOL-11.1-070180
Solaris 11 SPARC STIG:
SOL-11.1-070180
(in versions v2 r10 through v1 r10)
Title
World-writable files must not exist. (Cat II impact)
Discussion
Data in world-writable files can be read, modified, and potentially compromised by any user on the system. World-writable files may also indicate an incorrectly written script or program that could potentially be the cause of a larger compromise to the system's integrity.
Check Content
The root role is required. Check for the existence of world-writable files.

    # find / \( -fstype nfs -o -fstype cachefs -o -fstype autofs \
      -o -fstype ctfs -o -fstype mntfs -o -fstype objfs \
      -o -fstype proc \) -prune -o -type f -perm -0002 -print

If output is produced, this is a finding.
Fix Text
The root role is required. Change the permissions of the files identified in the check step to remove the world-writable permission.

    # pfexec chmod o-w [filename]
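The check and fix above, combined into a scoped audit-and-remediate script. This is an added example, not part of the STIG text: the function names and the directory argument are assumptions, the sample tree is constructed, and the `-fstype` prune list is left out because the scan is confined to one directory rather than `/`. Against real system paths on Solaris the `chmod` would run under `pfexec` as in the Fix Text.

```shell
#!/bin/sh
# Added example: scoped version of the SOL-11.1-070180 check and fix.
# Function names and the directory argument are assumptions of this example.

# Print world-writable regular files under "$1", using the same
# -type f -perm -0002 test as the STIG check.
list_world_writable() {
    find "$1" -type f -perm -0002 -print
}

# Count findings without parsing filenames, so a name containing spaces or
# newlines is counted exactly once.
count_world_writable() {
    find "$1" -type f -perm -0002 -exec sh -c 'for f; do echo x; done' sh {} + |
        wc -l | tr -d ' '
}

# Remove only the "other" write bit from each finding. Owner and group bits
# are left unchanged, and directories are never touched.
fix_world_writable() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree: two findings, one clean file, one 0777 directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/pub"
    : > "$d/ok.conf";       chmod 644 "$d/ok.conf"
    : > "$d/pub/app.log";   chmod 666 "$d/pub/app.log"
    : > "$d/pub/run me.sh"; chmod 777 "$d/pub/run me.sh"
    chmod 777 "$d/pub"
    before=$(count_world_writable "$d")
    fix_world_writable "$d"
    after=$(count_world_writable "$d")
    # The directory keeps its mode: the check covers regular files only.
    dir_still=$(find "$d/pub" -prune -type d -perm -0002 -print | wc -l | tr -d ' ')
    rm -rf "$d"
    echo "$before $after $dir_still"
}

demo
```

Re-running the count after the fix is the same as repeating the Check Content step: zero findings means the check now produces no output.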
Additional Identifiers
Rule ID: SV-216434r603267_rule
Vulnerability ID: V-216434
Group Title: SRG-OS-000480
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |