STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021

Run control scripts must not execute world-writable programs or scripts.

DISA Rule

SV-226541r603265_rule

Vulnerability Number

V-226541

Group Title

SRG-OS-000480

Rule Version

GEN001640

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Remove the world-writable permission from programs or scripts executed by run control scripts.

Procedure:
# chmod o-w <program or script executed from run control script>

Check Contents

Check the permissions on the files or scripts executed from system startup scripts to see if they are world-writable.
Create a list of all potential run command level scripts.
# ls -l /etc/init.d/* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " "
OR
# ls -l /sbin/init.d/* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " "

Create a list of world-writable files.
# find / -perm -002 -type f >> worldWriteableFileList

Determine if any of the world-writable files in worldWriteableFileList are called from the run command level scripts. Note: Depending upon the number of scripts versus world-writable files, it may be easier to inspect the scripts manually.
# more `ls -l /etc/init.d/* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " "`
OR
# more `ls -l /sbin/init.d/* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " "`

If any system startup script executes any file or script that is world-writable, this is a finding.
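The check above is three manual steps: enumerate the run-control scripts, enumerate world-writable regular files, and cross-reference the two. The script below is an added example (not DISA's or STIGQter's code) that automates those steps and the matching chmod o-w fix as POSIX sh functions. It assumes standard find, grep and mktemp, that the paths involved contain no spaces, and that a run-control script "executes" a file when it contains that file's path as a literal string; that is a heuristic, so an rc script that builds the path at run time or calls the program by bare name is not caught, and the STIG's note about inspecting scripts manually still applies. The lab tree it builds under a temporary directory is constructed for the demonstration; on a real Solaris host the functions would be pointed at /etc/init.d (or /sbin/init.d) and /.

```shell
#!/bin/sh
# Added example, not part of the STIG text. Assumes POSIX sh, find, grep,
# mktemp, and paths without embedded spaces.

# gen001640_findings RC_DIR ROOT
# Prints "<rc script> executes world-writable <file>" for every world-writable
# regular file under ROOT whose path appears literally in a script in RC_DIR.
# Always returns 0 so callers can capture the output under set -e.
gen001640_findings() {
    rc_dir=$1
    root=$2
    # Step 1: world-writable regular files, the same test the STIG's find(1) uses.
    find "$root" -perm -002 -type f 2>/dev/null | while IFS= read -r ww; do
        # Step 2: which run-control scripts reference this path?
        # -F matches the path as a literal string, -l prints only file names.
        grep -lF -- "$ww" "$rc_dir"/* 2>/dev/null | while IFS= read -r script; do
            printf '%s executes world-writable %s\n' "$script" "$ww"
        done
    done
    return 0
}

# gen001640_check RC_DIR ROOT
# Returns 1 (finding) and prints the evidence if any rc script references a
# world-writable file, otherwise returns 0 (not a finding).
gen001640_check() {
    out=$(gen001640_findings "$1" "$2")
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# gen001640_fix RC_DIR ROOT
# Applies the STIG fix, chmod o-w, to each referenced world-writable file.
gen001640_fix() {
    gen001640_findings "$1" "$2" | while IFS= read -r line; do
        ww=${line##* }      # last field of the finding line is the file path
        chmod o-w "$ww"
    done
    return 0
}

# build_demo_tree
# Builds a constructed lab tree in a temp directory and prints its path:
# one rc script calling a mode-777 helper (a finding) and one calling a
# mode-755 helper (clean).
build_demo_tree() {
    lab=$(mktemp -d)
    mkdir -p "$lab/etc/init.d" "$lab/opt/app/bin" "$lab/usr/lib"
    printf '#!/bin/sh\necho starting app\n' > "$lab/opt/app/bin/start-app"
    chmod 777 "$lab/opt/app/bin/start-app"          # world-writable: forbidden
    printf '#!/bin/sh\necho ok\n' > "$lab/usr/lib/helper"
    chmod 755 "$lab/usr/lib/helper"                 # correctly permissioned
    printf '#!/bin/sh\n%s/opt/app/bin/start-app\n' "$lab" > "$lab/etc/init.d/app"
    printf '#!/bin/sh\n%s/usr/lib/helper\n' "$lab" > "$lab/etc/init.d/clean"
    chmod 755 "$lab/etc/init.d/app" "$lab/etc/init.d/clean"
    printf '%s\n' "$lab"
}

# Stand-alone demonstration on the constructed tree: check, fix, re-check.
demo=$(build_demo_tree)
if gen001640_check "$demo/etc/init.d" "$demo"; then
    echo "GEN001640: not a finding"
else
    echo "GEN001640: finding, applying chmod o-w"
    gen001640_fix "$demo/etc/init.d" "$demo"
    gen001640_check "$demo/etc/init.d" "$demo" && echo "GEN001640: clean after fix"
fi
rm -rf "$demo"
```

Because the match is a literal path string, the output names both the rc script and the offending file, which is the evidence a reviewer needs; the fix function changes only the files the check actually flagged, rather than stripping o-w from every world-writable file on the host.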

Vulnerability Number

V-226541

Documentable

False

Rule Version

GEN001640

Severity Override Guidance

Check Content Reference

M

Target Key

4060

Comments