CCE-91818-5| Platform: macosx10.13 | Date: (C)2018-02-22 (M)2022-10-10 |
Set the Global Umask Setting for the System
The default global umask setting must be set to '022' for system processes. The setting '022' ensures that system process created files and directories will only be readable by other users and processes, not writable. This mitigates the risk that unauthorized users might be able to write to files and directories created by system processes. A more restrictive setting could potentially break the normal functionality of the system.
Parameter:
umask /etc/launchd.conf
Technical Mechanism:
To view the umask setting, run the following command:
umask
If the setting is not '0022', this is a finding.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : | Attack Vector: |
| Exploit Score: | Attack Complexity: |
| Impact Score: | Privileges Required: |
| Severity: | User Interaction: |
| Vector: | Scope: |
| | Confidentiality: |
| | Integrity: |
| | Availability: |
| | |
References: | Resource Id | Reference |
|---|
| NIST | CM-6 b |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:44311 |
