Code [embed]
The embedded references are formatted as
pathname_1->pathname_2->pathname_3...
which indicates that pathname_1 is a string embedded in the binary pointed to by pathname_2, which in turn is a string embedded in pathname_3. Or, to read it the other way around, pathname_3 refers to pathname_2 which refers to pathname_1.
Code [embed001w]
See the 'embed' explanation for an explanation of the format of the embedded references.
The indicated pathname to an executable contains a component which is not owned by root. This can enable an intruder to gain unauthorized privileges if they are able to replace the binary. See the 'rationale' explanation for a discussion of the reasons that executables run by root should be owned by root.
Code [embed001i]
See the 'embed' explanation for an explanation of the format of the embedded references.
The indicated pathname to a file or directory contains a component which is not owned by root. This may indicate a vulnerability in the system. It will be necessary to study the programs in which the pathname was found to determine whether there is a problem.
Code [embed002w]
See the 'embed' explanation for an explanation of the format of the embedded references.
The indicated executable is not owned by owned by root. This can enable an intruder to gain unauthorized privileges if they are able to overwrite the executable. See the 'rationale' explanation for a discussion of the reasons that executables run by root should be owned by root.
Note that if the executable is setuid to a non-root ID, then the ownershop should *NOT* be changed to root unless the setuid bit is also removed.
Code [embed002i]
See the 'embed' explanation for an explanation of the format of the embedded references.
The indicated file or directory is not owned by root. This may indicate a vulnerability in the system. It will be necessary to study the programs in which the pathname was found to determine whether there is a problem.
Code [embed003w]
See the 'embed' explanation for an explanation of the format of the embedded references.
The indicated pathname to an executable contains a component which is group writable, world writable or both. This can enable an intruder to gain unauthorized privileges if they are able to replace the executable.
Code [embed003i]
See the 'embed' explanation for an explanation of the format of the embedded references.
The indicated pathname to a file or directory contains a component which is group writable, world writable or both. This may indicate a vulnerability in the system. It will be necessary to study the file and programs in which the pathname was found to determine whether there is a problem.
Code [embed004w]
See the 'embed' explanation for an explanation of the format of the embedded references.
The executable is group writable, world writable or both. This can enable an intruder to gain unauthorized privileges if they are able to overwrite the executable.
Code [embed004i]
See the 'embed' explanation for an explanation of the format of the embedded references.
The file or directory is group writable, world writable or both. This may indicate a vulnerability in the system. It will be necessary to study the file and programs in which the pathname was found to determine whether there is a problem.