Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CCE-28328-3] global_umask #30

Closed
macosforgebot opened this issue Jun 3, 2013 · 3 comments
Closed

[CCE-28328-3] global_umask #30

macosforgebot opened this issue Jun 3, 2013 · 3 comments

Comments

@macosforgebot
Copy link

@DewSecGitHub originally submitted this as ticket:29

  • Version: Beta
  • Keywords: Settings, Review

CCE#: CCE-28328-3
Setting Name: global_umask
Description: Initializes a umask value for processes spawned from launchd (which is most everything).

Parameters: N / A
Technical Mechanism: Use "launchctl umask X" to set the umask to X.

Reference: NIST SCM rules for OSX specify 027.

Function: Access-Control

Rationale: Unless specifically overridden when files are created by a user, this setting systematically reduces access rights of other users to the created files.


SOHO: umask is 077
Enterprise: umask is 077
SSLF: umask is 077


Additional Mechanism: N / A


OVAL Content: N / A


Comment:

@macosforgebot
Copy link
Author

@DewSecGitHub originally submitted this as comment:1:⁠ticket:29

  • Status changed from new to accepted

@macosforgebot
Copy link
Author

dubs@… originally submitted this as comment:2:⁠ticket:29


This needs clarification as it has both 77 and 27 as possible settings.

The default 10.8 umask is 22

@macosforgebot
Copy link
Author

blank@… originally submitted this as comment:3:⁠ticket:29

  • Status changed from accepted to closed
  • Resolution set to R8 - Completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants