5.1.3 Check System Wide Applications for appropriate permissions

Information

Applications in the System Applications Directory (/Applications) should be world executable since that is their reason to be on the system. They should not be world writable and allow any process or user to alter them for other processes or users to then execute modified versions Unauthorized modifications of applications could lead to the execution of malicious code.

Solution

Change permissions so that "Others" can only execute. (Example Below) sudo chmod -R o-w /Applications/Bad Permissions.app/ Impact: Applications changed will no longer be world writable

See Also

https://workbench.cisecurity.org/files/299

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(7)(b)

Plugin: Unix

Control ID: fa7ad78665f5824336a3a8461cf8dc7f48bc4f059782faeb0346ad79fe04b89c