UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Files executed through a mail aliases file must be group-owned by root, bin, or sys, and must reside within a directory group-owned by root, bin, or sys.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22440 GEN004410 SV-39904r1_rule ECLP-1 Medium
Description
If a file executed through a mail aliases file is not group-owned by root or a system group, it may be subject to unauthorized modification. Unauthorized modification of files executed through aliases may allow unauthorized users to attain root privileges.
STIG Date
SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE 2018-04-10

Details

Check Text ( C-38925r1_chk )
Examine the contents of the /etc/mail/aliases file.
For each file referenced, check the group ownership of the file.

Procedure:
# ls -lL

If the group owner of any file is not root, bin, or sys, this is a finding.
Fix Text (F-34063r1_fix)
Change the group ownership of the file referenced from /etc/mail/aliases.

Procedure:
# chgrp root