4.5.1.5 CDE - sgid/suid binary lockdown

Information

CDE buffer overflow vulnerabilities may be exploited by a local user to obtain root privilege via suid/sgid programs owned by root:bin or root:sys.

Rationale:

CDE has been associated with major security risks, most of which are buffer overflow vulnerabilities. These vulnerabilities may be exploited by a local user to obtain root privilege via suid/sgid programs owned by root:bin or root:sys. It is recommended that the CDE binaries have the suid/sgid removed.

Solution

Remove the suid/sgid from the following CDE binaries:

chmod ug-s /usr/dt/bin/dtaction
chmod ug-s /usr/dt/bin/dtappgather
chmod ug-s /usr/dt/bin/dtprintinfo
chmod ug-s /usr/dt/bin/dtsession

Default Value:

N/A

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3

Plugin: Unix

Control ID: 8531d4a297a8604354b640973c6492896acc14ce6c3190196cf899991699ef50