Title

There is no documented baseline of the default setuid and setgid files. (Cat II impact)

Discussion

There are programs that have setuid and setgid flags set within the Sun Ray server. Setuid is a flag that allows an application to temporarily change the permissions of the user running the application by setting the effective user ID to the program owner’s user ID. Setgid is a flag that allows an application to temporarily change the permissions of the group running the application by setting the effective group ID to the program owner’s group ID. aseline of these applications will ensure that any unauthorized modifications to these files will detected. Several programs on the Sun Ray server have setuid and setgid flags installed by default. Disabling any of the setgid or setuid applications will result in problems with the Sun Ray system. Furthermore, having a documented baseline of these applications will ensure that any unauthorized modifications to these files will be detected.

Check Content

On the Sun Ray server perform the following: # find /opt –perm -4000 If the result does not return the following output only, this is a finding. /opt/SUNWut/lib/utrcmd /opt/SUNWut/lib/utguiauth /opt/SUNWut/lib/utprefs-helper /opt/SUNWut/lib/utdomount /opt/SUNWut/bin/utaudio /opt/SUNWut/bin/utxconfig # find /opt –perm -2000 If the result does not return the following output only, this is a finding. /opt/SUNuttsc/lib/uttsc-bin Ensure the documented setuid and setgid match the output above. If not, this is a finding.

Fix Text

Document the setuid and setgid files on the Sun Ray system.

Additional Identifiers

Rule ID:

Vulnerability ID: V-16379

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.