Run control scripts must not execute world writable programs or scripts.

Overview

Finding ID: V-216069
Version: SOL-11.1-020350
Rule ID: SV-216069r959010_rule
IA Controls: CCI-000366
Severity: medium

Description
World writable files could be modified accidentally or maliciously to compromise system integrity.

STIG: Solaris 11 X86 Security Technical Implementation Guide
Date: 2025-05-05

Details

Check Text (C-216069r959010_chk)

Check the permissions on the files or scripts executed from system startup scripts to see if they are world writable.

Create a list of all potential run command level scripts.

# ls -l /etc/init.d/* /etc/rc* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " "

Create a list of world writable files.

# find / -perm -002 -type f >> WorldWritableFileList

Determine if any of the world writeable files in "WorldWritableFileList" are called from the run command level scripts.

Note: Depending upon the number of scripts vs. world writable files, it may be easier to inspect the scripts manually.

# more `ls -l /etc/init.d/* /etc/rc* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " "`

If any system startup script executes any file or script that is world writable, this is a finding.
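
The cross-reference step of the check above can be scripted. The following is an added example, not part of the STIG text: the function name find_ww_in_rc and its argument order are assumptions made here, and it relies on a POSIX find and grep (-L, -F, -l).

```shell
#!/bin/sh
# find_ww_in_rc SCAN_ROOT RC_PATH...
# (hypothetical helper, not from the STIG)
#
# For every world-writable regular file under SCAN_ROOT, report each run
# control script under the RC_PATH arguments that mentions the file's full
# path. Output format: "<script>: <world-writable file>".
#
# Limits: only literal full paths are matched. Commands resolved through
# PATH, relative paths and paths built from variables are not detected, so
# the manual inspection in the check text still applies. Matching is by
# substring, so a hit can also be a longer path with the same prefix and
# every reported line needs review.
find_ww_in_rc() {
    scan_root=$1
    shift
    # Same test as the check text: regular files with the other-write bit.
    find "$scan_root" -type f -perm -002 2>/dev/null |
    while IFS= read -r ww; do
        # -L follows links, since rc directories may hold links into
        # /etc/init.d. -F treats the path as a fixed string, not a regex.
        find -L "$@" -type f -exec grep -lF -- "$ww" {} + 2>/dev/null |
        while IFS= read -r script; do
            printf '%s: %s\n' "$script" "$ww"
        done
    done
}

# Stand-alone use, for example: sh thisfile.sh / /etc/init.d /etc/rc*
if [ "$#" -ge 2 ]; then
    find_ww_in_rc "$@"
fi
```

Any line of output is a candidate finding; an empty result does not clear the check, for the reasons listed in the comments.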

Fix Text (F-17305r372590_fix)

Remove the world writable permission from programs or scripts executed by run control scripts.

Procedure:

# chmod o-w <program or script executed from run control script>