Description of problem:
/usr/lib/polkit-1/polkit-agent-helper-1 permissions according to rpm database:
# rpm -q --queryformat="[%{FILEMODES:perms} %{FILENAMES}\n]" polkit | grep polkit-agent-helper-1
-rwsr-xr-x /usr/lib/polkit-1/polkit-agent-helper-1
It conflicts with file_permissions_library_dirs rule that expects all files in /lib, /lib64, /usr/lib, and /usr/lib64 directories to have 0755 or stricter permissions.
When both rules, file_permissions_library_dirs and rpm_verify_permission, are included in a profile (E8 profile), one of them will fail after remediations:
-rwxr-xr-x /usr/lib/polkit-1/polkit-agent-helper-1
file_permissions_library_dirs pass, rpm_verify_permission fail because permissions are incorrect according to rpm database
-rwsr-xr-x /usr/lib/polkit-1/polkit-agent-helper-1
rpm_verify_permission pass, file_permissions_library_dirs fail because permissions have setuid bit
SCAP Security Guide Version:
abcfadc
Description of problem:
/usr/lib/polkit-1/polkit-agent-helper-1permissions according to rpm database:It conflicts with
file_permissions_library_dirsrule that expects all files in/lib,/lib64,/usr/lib, and/usr/lib64directories to have0755or stricter permissions.When both rules,
file_permissions_library_dirsandrpm_verify_permission, are included in a profile (E8 profile), one of them will fail after remediations:-rwxr-xr-x /usr/lib/polkit-1/polkit-agent-helper-1file_permissions_library_dirspass,rpm_verify_permissionfail because permissions are incorrect according to rpm database-rwsr-xr-x /usr/lib/polkit-1/polkit-agent-helper-1rpm_verify_permissionpass,file_permissions_library_dirsfail because permissions have setuid bitSCAP Security Guide Version:
abcfadc