The AIX ldd command must be disabled.


Overview

Finding ID: V-91619
Version: AIX7-00-003016
Rule ID: SV-101717r1_rule
IA Controls: 
Severity: Medium
Description
The ldd command provides a list of dependent libraries needed by a given binary, which is useful for troubleshooting software. Instead of parsing the binary file, some ldd implementations invoke the program with a special environment variable set, which causes the system dynamic linker to display the list of libraries. Specially crafted binaries can specify an alternate dynamic linker which may cause a program to be executed instead of examined. If the program is from an untrusted source, such as in a user home directory, or a file suspected of involvement in a system compromise, unauthorized software may be executed with the rights of the user running ldd.
STIG: IBM AIX 7.x Security Technical Implementation Guide
Date: 2019-04-29

Details

Check Text (C-90773r3_chk)
Consult vendor documentation concerning the "ldd" command.

If the command provides protection from the execution of untrusted executables, this is not a finding.

Determine the location of the system's "ldd" command:
# find / -name ldd

If no file exists, this is not a finding.

Check the permissions of the "ldd" file found above (/usr/bin/ldd in this example):

# ls -lL /usr/bin/ldd
---------- 1 bin bin 6289 Feb 28 2017 /usr/bin/ldd

If the file mode of the file is more permissive than "0000", this is a finding.
Fix Text (F-97817r1_fix)
Disable the "ldd" command by removing all permissions from the file found in the check (/usr/bin/ldd in the example above) using the command:
# chmod 0000 /usr/bin/ldd
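The check above compares the symbolic mode shown by "ls -lL" against "0000". The following POSIX sh helper, an added example that is not part of the STIG text, converts that mode string (including setuid, setgid and sticky bits) to octal and reports whether a given "ls -lL" line is a finding; the sample lines are constructed, the first matching the example output in the check.

```shell
# Convert the 10-character mode string from "ls -lL" (e.g. "-r-sr-xr-x")
# to a four-digit octal mode (e.g. "4555").
mode_to_octal() {
    m=$1
    special=0
    perm=""
    # Walk the three rwx triplets: user (chars 2-4), group (5-7), other (8-10).
    for off in 2 5 8; do
        r=$(printf '%s' "$m" | cut -c"$off")
        w=$(printf '%s' "$m" | cut -c"$((off+1))")
        x=$(printf '%s' "$m" | cut -c"$((off+2))")
        n=0
        [ "$r" = r ] && n=$((n+4))
        [ "$w" = w ] && n=$((n+2))
        case $x in
            x|s|t) n=$((n+1)) ;;
        esac
        # s/S in the user slot is setuid (4), in the group slot setgid (2);
        # t/T in the other slot is the sticky bit (1).
        case $off$x in
            2s|2S) special=$((special+4)) ;;
            5s|5S) special=$((special+2)) ;;
            8t|8T) special=$((special+1)) ;;
        esac
        perm="$perm$n"
    done
    printf '%s%s\n' "$special" "$perm"
}

# Evaluate one "ls -lL" output line against the rule: any permission bit
# set on the ldd binary is a finding. Returns 0 (compliant) or 1 (finding).
check_ldd_line() {
    line=$1
    mode=$(printf '%s' "$line" | cut -c1-10)
    octal=$(mode_to_octal "$mode")
    path=${line##* }
    if [ "$octal" = "0000" ]; then
        printf 'OK: %s mode %s, not a finding\n' "$path" "$octal"
        return 0
    fi
    printf 'FINDING: %s mode %s is more permissive than 0000\n' "$path" "$octal"
    return 1
}

# Constructed sample lines; on a live AIX system use:
#   check_ldd_line "$(ls -lL /usr/bin/ldd)"
SAMPLE_OK='---------- 1 bin bin 6289 Feb 28 2017 /usr/bin/ldd'
SAMPLE_BAD='-r-xr-xr-x 1 bin bin 6289 Feb 28 2017 /usr/bin/ldd'
```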