← Back to Adobe ColdFusion Security Technical Implementation Guide

V-279105

CAT II (Medium)

ColdFusion must protect newly created objects.

Rule ID

SV-279105r1171428_rule

STIG

Adobe ColdFusion Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000366

Discussion

During operation, ColdFusion may create objects such as files to store parameters or log data, or pipes to share data between objects. When the objects are created, it is important that the newly created object has the correct permissions. This can be performed by assigning the proper umask value to the running process. For the ColdFusion service, the umask must be set to 007 or more restrictive.

Check Content

For ColdFusion running on Windows, this finding is not applicable.
 
ColdFusion running on Linux:
1. Locate the file "sysinit" in the bin directory under the ColdFusion instance directory. For example, the file could be found at \opt\coldfusion2023\cfusion\bin\sysinit, if the ColdFusion instance directory was \opt\coldfusion2023\cfusion.

2. Edit the "sysinit" file.

3. Locate the umask setting. It must be located near the top of the file, but below the #description comment.
 
If the umask is not set to 007 or more restrictive, this is a finding.

Fix Text

For ColdFusion running on Windows, this finding is not applicable.
 
ColdFusion running on Linux:
1. Locate the file "sysinit" in the bin directory under the ColdFusion instance directory. For example, the file could be found at \opt\coldfusion2023\cfusion\bin\sysinit, if the ColdFusion instance directory was \opt\coldfusion2023\cfusion.

2. Edit the "sysinit" file.

3. Locate the umask setting. It must be located near the top of the file, but below the #description comment.
 
4. Set umask setting to 007 or more restrictive.

5. Save and close the file.