topic Re: Rapid 7 Vulnerability for world writable files in Administration and Deployment

Rapid 7 Vulnerability for world writable files

Aasth — Tue, 13 Aug 2019 14:53:42 GMT

We are seeing rapid 7 vulnerabilities on our sas servers for the following world writable files. Can the permissions of this files be changed without any impact to the services running?

* /sas/install/SASHome/Secure/sasexe/libccme_asym.so (-rwxrwxrwx)

* /sas/install/SASHome/Secure/sasexe/libccme_base.so (-rwxrwxrwx)

* /sas/install/SASHome/Secure/sasexe/libccme_base_non_fips.so (-rwxrwxrwx)

*/sas/install/SASHome/Secure/sasexe/libccme_ecc.so (-rwxrwxrwx)

* /sas/install/SASHome/Secure/sasexe/libccme_ecc_accel_fips.so (-rwxrwxrwx)

* /sas/install/SASHome/Secure/sasexe/libccme_ecc_accel_non_fips.so (-rwxrwxrwx)

* /sas/install/SASHome/Secure/sasexe/libccme_ecc_non_fips.so (-rwxrwxrwx)

* /sas/install/SASHome/Secure/sasexe/libccme_ecdrbg.so (-rwxrwxrwx)

* /sas/install/SASHome/Secure/sasexe/libccme_error_info.so (-rwxrwxrwx)

* /sas/install/SASHome/Secure/sasexe/libcryptocme.so (-rwxrwxrwx)

* /sas/install/gms_install/gms8.0.1_install/Install.log (-rw-rw-rw-)

* /sas/install/lsf/gms/log/gabd.log (-rw-rw-rw-)

* /sas/install/lsf/gms/log/gabd.log.back (-rw-rw-rw-)

* /sas/install/lsf/log/Install.log (-rw-rw-rw-)

* /sas/install/lsf/log/res.log.nlr1sasdev1.abcbs.net (-rw-rw-rw-)

* /sas/install/pm/9.1/install/Install.log (-rw-rw-rw-)

* /sas/install/pm_install/pm9.1.3.0_sas_pinstall/lsf9.1.3_lsfinstall/Install.err (-rw-rw-rw-)

* /sas/install/pm_install/pm9.1.3.0_sas_pinstall/lsf9.1.3_lsfinstall/Install.log (-rw-rw-rw-)

* /sas/install/pm_install/pm9.1.3.0_sas_pinstall/pm9.1.3.0_install/Install.err (-rw-rw-rw-)

* /sas/install/pm_install/pm9.1.3.0_sas_pinstall/pm9.1.3.0_install/Install.log (-rw-rw-rw

Re: Rapid 7 Vulnerability for world writable files

doug_sas — Tue, 13 Aug 2019 15:01:43 GMT

The libccme_* libraries can have all write bits turned off.

Install logs generally only need the write bit set for the user (i.e., the SAS install user or in this case the LSF/PM installer).

The LSF/PM operational logs need to have the user write bit set for the user running the daemon. Sometimes that is root and other times it is the primary grid administrator.

Re: Rapid 7 Vulnerability for world writable files

Aasth — Tue, 13 Aug 2019 15:24:31 GMT

Thank you for the response. In that case is 770 safe bet for all the listed files?

Re: Rapid 7 Vulnerability for world writable files

doug_sas — Tue, 13 Aug 2019 15:27:03 GMT

libccme_* files should have 555 since they are read-only shared libraries.

Logs can have 770.

Re: Rapid 7 Vulnerability for world writable files

Aasth — Tue, 13 Aug 2019 15:28:14 GMT

Thank you!