{"description": "For each element in root's path, run:\n<pre># ls -ld <i>DIR</i></pre>\nand ensure that write permissions are disabled for group and\nother.", "rationale": "Such entries increase the risk that root could\nexecute code provided by unprivileged users,\nand potentially malicious code.", "severity": "medium", "references": {"cis-csc": ["11", "3", "9"], "cobit5": ["BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05"], "isa-62443-2009": ["4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 7.6"], "iso27001-2013": ["A.12.1.2", "A.12.5.1", "A.12.6.2", "A.14.2.2", "A.14.2.3", "A.14.2.4"], "nist": ["CM-6(a)", "CM-6(a)"], "nist-csf": ["PR.IP-1"], "cis": ["5.4.2.5"]}, "control_references": {"cis": ["5.4.2.5"]}, "components": [], "identifiers": {}, "ocil_clause": "group or other write permissions exist", "ocil": "To ensure write permissions are disabled for group and other\n for each element in root's path, run the following command:\n<pre># ls -ld <i>DIR</i></pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure that Root's Path Does Not Include World or Group-Writable Directories", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/rule.yml", "template": null}