New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CCE-28328-3] global_umask #30

Closed
macosforgebot opened this Issue Jun 3, 2013 · 3 comments

Comments

@macosforgebot
Copy link

macosforgebot commented Jun 3, 2013

@DewSecGitHub originally submitted this as ticket:29

  • Version: Beta
  • Keywords: Settings, Review

CCE#: CCE-28328-3
Setting Name: global_umask
Description: Initializes a umask value for processes spawned from launchd (which is most everything).

Parameters: N / A
Technical Mechanism: Use "launchctl umask X" to set the umask to X.

Reference: NIST SCM rules for OSX specify 027.

Function: Access-Control

Rationale: Unless specifically overridden when files are created by a user, this setting systematically reduces access rights of other users to the created files.


SOHO: umask is 077
Enterprise: umask is 077
SSLF: umask is 077


Additional Mechanism: N / A


OVAL Content: N / A


Comment:

@macosforgebot

This comment has been minimized.

Copy link

macosforgebot commented Jun 3, 2013

@DewSecGitHub originally submitted this as comment:1:⁠ticket:29

  • Status changed from new to accepted
@macosforgebot

This comment has been minimized.

Copy link

macosforgebot commented Jun 6, 2013

dubs@… originally submitted this as comment:2:⁠ticket:29


This needs clarification as it has both 77 and 27 as possible settings.

The default 10.8 umask is 22

@macosforgebot

This comment has been minimized.

Copy link

macosforgebot commented Aug 6, 2014

blank@… originally submitted this as comment:3:⁠ticket:29

  • Status changed from accepted to closed
  • Resolution set to R8 - Completed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment