CCE

CCE-94470-2

Platform: rhel8

Date: (C)2019-11-07   (M)2022-10-10

Verify that Shared Library Files Have Root Ownership System-wide shared library files, which are linked to executables during process load time or run time, are stored in the following directories by default: /lib /lib64 /usr/lib /usr/lib64 Kernel modules, which can be added to the kernel during runtime, are also stored in '/lib/modules'. All files in these directories should be owned by the 'root' user. If the directory, or any file in these directories, is found to be owned by a user other than root correct its ownership with the following command: '$ sudo chown root FILE'

Parameter:

Technical Mechanism:

Files from shared library directories are loaded into the address space of processes (including privileged ones) or of the kernel itself at runtime. Proper ownership is necessary to protect the integrity of the system. Fix: for LIBDIR in /usr/lib /usr/lib64 /lib /lib64 do if [ -d $LIBDIR ] then find -L $LIBDIR \! -user root -exec chown root \; fi done

CCSS Severity:		CCSS Metrics:
CCSS Score :		Attack Vector:
Exploit Score:		Attack Complexity:
Impact Score:		Privileges Required:
Severity:		User Interaction:
Vector:		Scope:
		Confidentiality:
		Integrity:
		Availability:

References:

Resource Id	Reference