Rule ID
SV-45177r1_rule
Version
V1R12
CCIs
System device files in writable directories could be modified, removed, or used by an unprivileged user to control system hardware.
Find all world-writable device files existing anywhere on the system.

Procedure:
# find / -perm -2 -a \( -type b -o -type c \) > devicelist

Check the permissions on the directories above subdirectories containing device files. If any of the device files or their parent directories are world-writable, excepting device files specifically intended to be world-writable such as /dev/null, this is a finding.
Remove the world-writable permission from the device file(s).

Procedure:
# chmod o-w <device file>

Document all changes.
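
An added example (not part of the STIG text) that triages the devicelist produced by the check procedure: it reports each listed device file that is not an intended exception, plus every world-writable directory above it. The ALLOWLIST variable and the function names are assumptions; the rule names only /dev/null as an intended exception.

```bash
#!/usr/bin/env bash
# Added example: triage the output of the check's find command.
# ALLOWLIST is an assumption: space-separated device files intended to be
# world-writable. The rule text names only /dev/null.
ALLOWLIST="/dev/null"

# Exit 0 when the path has the world-write bit set, using the same
# "-perm -2" predicate as the check procedure. -prune stops find from
# descending into the directory being tested.
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -2 -print 2>/dev/null)" ]
}

# Read absolute device paths on stdin, one per line (the devicelist format),
# and print one finding per line:
#   DEVICE <path>  world-writable device file that is not on the allowlist
#   DIR <path>     world-writable directory above a listed device (once each)
triage_devicelist() {
    local dev dir seen=""
    while IFS= read -r dev; do
        [ -n "$dev" ] || continue
        case " $ALLOWLIST " in
            *" $dev "*) ;;                 # intended exception, not a finding
            *) echo "DEVICE $dev" ;;
        esac
        # Walk every directory above the device file, up to and including /.
        dir=$(dirname "$dev")
        while :; do
            case "$seen" in
                *"|$dir|"*) ;;             # already evaluated
                *)
                    seen="$seen|$dir|"
                    is_world_writable "$dir" && echo "DIR $dir"
                    ;;
            esac
            [ "$dir" = "/" ] && break
            dir=$(dirname "$dir")
        done
    done
}

# Usage (as root), reusing the file written by the check procedure:
#   triage_devicelist < devicelist
```

Directories such as /tmp are reported when a device file sits beneath them, because the finding applies to the parent directories as well as to the device files.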