Security audit software flags /system/contract/process/<PID>/ctl entries as world-writable (Doc ID 1308086.1)

Last updated on JULY 29, 2016

Applies to:

Solaris Operating System - Version 10 3/05 and later
Information in this document applies to any platform.

Symptoms

Security auditing software flags the ctl entry in the /system/contract/process/<PID>/ directories as being a security risk, since they appear to be world-writable.

Below is an example directory listing showing the entry in question.

/system/contract/process/31> ls -l
total 0
--w--w--w- 1 root root 0 Mar 9 13:06 ctl
-r--r--r-- 1 root root 0 Mar 9 13:06 events
-r--r--r-- 1 root root 0 Mar 9 13:06 status

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms