Description of problem:
This package has bad permissions on 2 files, allowing group root writing. The DISA STIG security settings mandate permissions of 755 or less instead. Not fixing this will cause scanner failures when checking system security settings.

Version-Release number of selected component (if applicable):
redhat-rpm-config-9.1.0-61.el7.noarch

Actual results:
GEN001300: /usr/lib/rpm/redhat/config.guess is 775 should be 0755 or less
GEN001300: /usr/lib/rpm/redhat/config.sub is 775 should be 0755 or less
config.{sub|guess} copies tripping up security scanners seems mildly hysterical but sure, there's no reason they need to be 775.
Fixed in redhat-rpm-config-9.1.0-62.el7
Thanks! The reason this is important is we have a number of apps that do not drop supplemental groups and they retain group root. So, anything writable by the root group could be altered by an app that has a security vulnerability that did not drop supplemental groups correctly.
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.
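
An added example, not part of the original report and not Red Hat's or the scanner's own code: a Python check that walks a directory, reports regular files more permissive than 0755 in the same shape as the GEN001300 lines above, and can clear the excess bits. The function names, the "(writable by group root)" note, and testing only the low nine permission bits are assumptions.

```python
import os
import stat
import sys

MAX_MODE = 0o755  # ceiling quoted in the GEN001300 findings


def audit_tree(root, max_mode=MAX_MODE):
    """Return sorted (path, mode, gid) for regular files more permissive than max_mode."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge the entry itself, never a symlink target
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode) & 0o777
            if mode & ~max_mode:  # any bit set that max_mode does not allow
                findings.append((path, mode, st.st_gid))
    return sorted(findings)


def format_finding(path, mode, max_mode=MAX_MODE):
    """Render a finding in the same shape as the scanner lines in the report."""
    return "%s is %o should be %04o or less" % (path, mode, max_mode)


def tighten(path, max_mode=MAX_MODE):
    """Clear only the bits outside max_mode on a file reported by audit_tree."""
    current = stat.S_IMODE(os.lstat(path).st_mode)
    excess = current & 0o777 & ~max_mode
    os.chmod(path, current & ~excess)
    return (current & ~excess) & 0o777  # new low nine permission bits


if __name__ == "__main__":
    # Default is the directory named in the report; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/usr/lib/rpm/redhat"
    for path, mode, gid in audit_tree(target):
        # Assumed annotation: flag the case the reporter describes (gid 0 + g+w).
        note = " (writable by group root)" if gid == 0 and mode & 0o020 else ""
        print(format_finding(path, mode) + note)
```

Changing modes by hand on packaged files shows up as a mode difference in `rpm -V`, so the durable fix is the corrected package.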