The AIX ldd command must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-215329 | AIX7-00-003016 | SV-215329r991589_rule | CCI-000366 | medium |
| Description | ||||
| The ldd command provides a list of dependent libraries needed by a given binary, which is useful for troubleshooting software. Instead of parsing the binary file, some ldd implementations invoke the program with a special environment variable set, which causes the system dynamic linker to display the list of libraries. Specially crafted binaries can specify an alternate dynamic linker which may cause a program to be executed instead of examined. If the program is from an untrusted source, such as in a user home directory, or a file suspected of involvement in a system compromise, unauthorized software may be executed with the rights of the user running ldd. | ||||
| STIG | Date | |||
| IBM AIX 7.x Security Technical Implementation Guide | 2024-08-16 | |||
Details
Check Text (C-215329r991589_chk)
Consult vendor documentation concerning the "ldd" command.
If the command provides protection from the execution of untrusted executables, this is not a finding.
Determine the location of the system's "ldd" command:
# find / -name ldd
If no file exists, this is not a finding.
Check the permissions of the found "ldd" file:
# ls -lL <path to ldd>
---------- 1 bin bin 6289 Feb 28 2017 /usr/bin/ldd
If the file mode of the file is more permissive than "0000", this is a finding
Fix Text (F-16525r294439_fix)
Disable the "ldd" command by removing its permissions using command:
# chmod 0000 <path to ldd>