File system setuid protection (UNIX)

Module: Startup Files

This check reports a problem if setuid files on Solaris operating systems are allowed on a writable local file system. Other file systems should be mounted with the nosuid option whenever possible. Because the root partition should not be mounted with the nosuid option, it is included in the exclude list by default. Only local file systems are examined. It is critical that the administrator have a good understanding of mounted file systems before making changes, because mistakes could render the system useless.

The following table lists the error message for the check.

Table: Error message for File system setuid protection

Message String ID and Category:
    String ID: STKU_MOUNT_ALLOWS_RW_OR_SUID
    Category: Policy Compliance

Platform and Message Numeric ID:
    UNIX (5869)

Message Title and Description:
    Title: Mount point allows write access to setuid files
    Description: The named mount point allows write access to setuid or setgid files. All setuid or setgid files should reside on the /usr partition, and that partition should be mounted with the ro (read-only) option. All other partitions should be mounted with the nosuid option if possible.

Additional Information:
    Severity: yellow-1
    Correctable: false
    Snapshot Updatable: false
    Template Updatable: false
    Information Field Format: [%s]
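The logic of the check described above can be reproduced by hand with a short script. The following is an added example, not the product's own code: it reads a mount table in the Solaris /etc/mnttab layout and lists local mount points that are writable and do not block setuid. The set of file system types treated as local, the treatment of nosetuid as equivalent to nosuid for this purpose, and the sample mount table are assumptions made for the example.

```python
# Added example (not product code): find writable local mounts that honour setuid.
LOCAL_FSTYPES = {"ufs", "zfs", "vxfs"}  # assumption: types treated as "local"
DEFAULT_EXCLUDE = {"/"}                 # root is in the exclude list by default
SUID_BLOCKING = {"nosuid", "nosetuid"}  # assumption: either option blocks setuid

# Constructed sample in /etc/mnttab layout (tab separated):
# special, mount point, fstype, options, mount time
SAMPLE_MNTTAB = "\n".join([
    "/dev/dsk/c0t0d0s0\t/\tufs\trw,intr,largefiles,logging,xattr\t1700000000",
    "/dev/dsk/c0t0d0s6\t/usr\tufs\tro,intr,largefiles\t1700000000",
    "/dev/dsk/c0t0d0s7\t/export/home\tufs\trw,nosuid,logging\t1700000000",
    "/dev/dsk/c0t0d0s3\t/var\tufs\trw,intr,largefiles,logging\t1700000000",
    "swap\t/tmp\ttmpfs\txattr\t1700000000",
    "filer:/share\t/mnt/share\tnfs\trw,xattr\t1700000000",
    "tank/data\t/data\tzfs\trw,devices,setuid,exec,xattr\t1700000000",
])


def parse_mnttab(text):
    """Return (mount_point, fstype, option_set) for each usable line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 4:
            continue  # skip comments and malformed lines
        _special, mount_point, fstype, options = fields[:4]
        entries.append((mount_point, fstype, set(options.split(","))))
    return entries


def writable_suid_mounts(text, exclude=DEFAULT_EXCLUDE):
    """Mount points that are local, not excluded, not ro, and allow setuid."""
    findings = []
    for mount_point, fstype, opts in parse_mnttab(text):
        if fstype not in LOCAL_FSTYPES or mount_point in exclude:
            continue  # only local file systems outside the exclude list
        read_only = "ro" in opts
        suid_blocked = bool(opts & SUID_BLOCKING)
        if not read_only and not suid_blocked:
            findings.append(mount_point)
    return findings


if __name__ == "__main__":
    for mp in writable_suid_mounts(SAMPLE_MNTTAB):
        print("[%s] Mount point allows write access to setuid files" % mp)
```

On a live Solaris host the same function can be given the contents of /etc/mnttab instead of the sample; review each reported mount point before adding nosuid to its /etc/vfstab entry.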