The Red Hat Enterprise Linux operating system must mount /dev/shm with the nosuid option.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-81011 | RHEL-07-021023 | SV-95723r2_rule | Low |
| Description |
|---|
| The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 7 Security Technical Implementation Guide | 2019-03-08 |
Details
| Check Text ( C-80725r2_chk ) |
|---|
| Verify that the "nosuid" option is configured for /dev/shm: # cat /etc/fstab | grep /dev/shm tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0 If any results are returned and the "nosuid" option is not listed, this is a finding. Verify "/dev/shm" is mounted with the "nosuid" option: # mount | grep "/dev/shm" | grep nosuid If no results are returned, this is a finding. |
| Fix Text (F-87845r2_fix) |
|---|
| Configure the system so that /dev/shm is mounted with the "nosuid" option. |