Details

Applications in the System Applications Directory (/Applications) should be world executable since that is their reason to be on the system. They should not be world writable and allow any process or user to alter them for other processes or users to then execute modified versions

Rationale:

Unauthorized modifications of applications could lead to the execution of malicious code.

Impact:

Applications changed will no longer be world writable

Solution

Change permissions so that ‘Others’ can only execute. (Example Below)

sudo chmod -R o-w /Applications/BadPermissions.app/

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3092

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

• 800-53|AC-6(7)(b)

Source

• Tenable.com/audits