5.1.2 Check System Wide Applications for appropriate permissions

Information

Applications in the System Applications Directory (/Applications) should be world executable since that is their reason to be on the system. They should not be world writable and allow any process or user to alter them for other processes or users to then execute modified versions

Rationale:

Unauthorized modifications of applications could lead to the execution of malicious code.

Impact:

Applications changed will no longer be world writable

Solution

Change permissions so that 'Others' can only execute. (Example Below)

sudo chmod -R o-w /Applications/BadPermissions.app/

See Also

https://workbench.cisecurity.org/files/3092

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(7)(b)

Plugin: Unix

Control ID: 11e082bac8768d2176acbc43f772b29455afe613a076d32e1e35579892880907