5.1.2 Check System Wide Applications for appropriate permissions

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Applications in the System Applications Directory (/Applications) should be world executable since that is their reason to be on the system. They should not be world writable and allow any process or user to alter them for other processes or users to then execute modified versions

Rationale:

Unauthorized modifications of applications could lead to the execution of malicious code.

Solution

Change permissions so that 'Others' can only execute. (Example Below)

sudo chmod -R o-w /Applications/Bad/Permissions.app/

See Also

https://workbench.cisecurity.org/files/2105

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(7)

Plugin: Unix

Control ID: fcd236809cece0aab7d1c35abfb3d7b48ad58e8cbe19a6a7df9c9fd747ba3b34