world-writeable root/sys files, directories - HP UX


  1. world-writeable root/sys files, directories

    My company recently had a Sarbanes-Oxley audit done, and some flags
    were raised during the audit about HP-UX security. One thing the
    auditors questioned was: should there be any world-writeable files and
    directories belonging to root-sys.. It appears that many of the
    directories involved belong to Navisphere and Omniback. Just
    wondering if anyone knows if those directories need to keep their
    permissions like this (and can explain why).. Thanks.


  2. Re: world-writeable root/sys files, directories

    On 2006-07-26, gbruner@gmail.com wrote:
    > My company recently had a Sarbanes-Oxley audit done, and some flags
    > were raised during the audit about HP-UX security. One thing the
    > auditors questioned was: should there be any world-writeable files and
    > directories belonging to root-sys.. It appears that many of the
    > directories involved belong to Navisphere and Omniback. Just
    > wondering if anyone knows if those directories need to keep their
    > permissions like this (and can explain why).. Thanks.


    World-writable directories are always trouble.

    I say there's never a reason to have a world-writable file, nor
    to have a world-writable directory without the sticky bit.

    It's not a matter of who they belong to but what they are used for.

    Then I think the openview webserver by default creates world-writable
    files and directories and runs as bin. It's enough to make you think
    discretionary access control was one of the worst mistakes of the century.

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/
    One of my other 11 computers runs Minix.
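
A check for the two conditions named in the reply above (world-writable files, and world-writable directories without the sticky bit), as an added example that is not part of the original thread. The function name, the output labels and the optional owner argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the two conditions the reply
# objects to under a directory tree.
#   FILE <path>           world-writable regular file
#   DIR_NO_STICKY <path>  world-writable directory without the sticky bit
# Usage: audit_world_writable DIR [OWNER]
#   OWNER (optional, assumed parameter) limits results to one owner, e.g. root.
audit_world_writable() {
    aww_dir=$1
    aww_owner=${2:-}

    # Build the optional owner filter as positional parameters so that it
    # expands to nothing when no owner was given.
    if [ -n "$aww_owner" ]; then
        set -- -user "$aww_owner"
    else
        set --
    fi

    # -xdev keeps find on one filesystem; -perm -0002 means "other-write set".
    # -type f skips symlinks, whose own mode bits are not meaningful.
    find "$aww_dir" -xdev "$@" -type f -perm -0002 -print | sed 's/^/FILE /'

    # A world-writable directory is reported only when the sticky bit (01000)
    # is absent, since without it any user can rename or delete others' files.
    find "$aww_dir" -xdev "$@" -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/DIR_NO_STICKY /'
}

# Example invocation on a constructed path:
#   audit_world_writable /opt root
```

Each reported path still has to be judged by what it is used for, as the reply says, before its mode is changed.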
