What are the effects of changing mount options with nodev,noexec,nosuid on /tmp and /dev/shm?
Issue
For any organisation conducting a security audit. Some audits might recommend
the following changes in fstab.
How evident are these changes to affect an ongoing production system?
Recommended Corrective Control: "Restrict the actions that can be performed
on partitions via the /etc/fstab as follows:
• Add nodev, nosuid and noexec option to /dev/shm
• Add nodev, nosuid, and noexec option to /tmp
Environment
Red Hat Enterprise Linux - 5.6
device-mapper-multipath - 0.4.7-17
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.