|
Home > Archive > Unix Programming > July 2006 > world-writeable root/sys files, directories
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
world-writeable root/sys files, directories
|
|
| gbruner@gmail.com 2006-07-26, 1:26 pm |
| My company recently had a Sarbanes-Oxley audit done, and some flags
were raised during the audit about HP-UX security. One thing the
auditors questioned was: shoulld ther be any world-writeable files and
directories belonging to root-sys.. It appears that many of the
directories involved belong to Navisphere and Omniback. Just
wondering if anyone knows if those directories need to keep their
permissions like this (and can explain why).. Thanks.
| |
| all mail refused 2006-07-26, 7:28 pm |
| On 2006-07-26, gbruner@gmail.com <gbruner@gmail.com> wrote:
> My company recently had a Sarbanes-Oxley audit done, and some flags
> were raised during the audit about HP-UX security. One thing the
> auditors questioned was: shoulld ther be any world-writeable files and
> directories belonging to root-sys.. It appears that many of the
> directories involved belong to Navisphere and Omniback. Just
> wondering if anyone knows if those directories need to keep their
> permissions like this (and can explain why).. Thanks.
World-writable directories are always trouble.
I say there's never a reason to have a world-writable file nor
a have a world-writable directory without the sticky bit.
It's not a matter of who they belong to but what they are used for.
Then I think the openview webserver by default creates world-writable
files and directories and runs as bin. It's enough to make you think
discretionary access control was one of the worst mistakes of the century.
--
Elvis Notargiacomo master AT barefaced DOT cheek
http://www.notatla.org.uk/goen/
One of my other 11 computers runs Minix.
|
|
|
|
|