World writable directories in PATH (UNIX)

Module: User Files

The check reports world-writable directories that are listed in user PATH variables. Use the check's name list to exclude or include users and user groups that are not already included or excluded by the Users to check option. Enable one, but not both, of the PATH (using su) or PATH (modifying startup script) options before executing this security check.

The following table lists the error message for the check.

Table: Error message for World writable directories in PATH

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information


Category: System Error

UNIX (5458)

Title: World writable directory in user path

Description:The named, world-writable directory is listed in the named user's PATH variable. This allows all users to create files that could "spoof" this user by placing a new file with the name of a common command like "ls" in the named directory. This can be a serious security problem. You should remove world write permissions from the named directory (chmod o-w filename) or remove the directory from the user's path.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]