CCE-90623-0 | Platform: rhel7, centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Add nosuid Option to Removable Media Partitions
The 'nosuid' mount option prevents set-user-identifier (SUID)
and set-group-identifier (SGID) permissions from taking effect. These permissions
allow users to execute binaries with the same permissions as the owner and group
of the file respectively. Users should not be allowed to introduce SUID and SGID
files into the system via partitions mounted from removable media.
Parameter:
Technical Mechanism:
Add the 'nosuid' option to the fourth column of '/etc/fstab' for the line which controls mounting of any removable media partitions.
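One way to check and apply this setting, as an added example that is not part of the CCE entry or its OVAL content. Which entries count as removable media is site-specific, so the `REMOVABLE` regex, the function names and the sample fstab are assumptions constructed for illustration; the `fix` mode writes a corrected copy to stdout and never edits the input file.

```shell
#!/bin/sh
# Added example: audit fstab-format text for removable-media entries whose
# fourth column lacks an effective 'nosuid', and emit a corrected copy.

# Assumption: removable media are identified by this regex, matched against
# the device (column 1) or the mount point (column 2). Adjust per site.
REMOVABLE='^/dev/(sr|fd)[0-9]|^/mnt/usb|^/media/'

# Constructed sample input, not taken from any real system.
sample_fstab() {
cat <<'EOF'
# constructed sample fstab
/dev/mapper/rhel-root /             xfs     defaults                0 0
/dev/sr0              /media/cdrom  iso9660 ro,noauto,nodev         0 0
/dev/fd0              /media/floppy auto    noauto,nosuid,nodev     0 0
/dev/sdb1             /mnt/usb      vfat    noauto,nosuid,user,suid 0 0
EOF
}

# usage: fstab_nosuid audit|fix FSTAB_FILE REMOVABLE_REGEX
#   audit: print "<device> <mountpoint> <options>" for each offending entry
#   fix:   print the whole file with ",nosuid" appended where it is missing
fstab_nosuid() {
    awk -v mode="$1" -v pat="$3" '
        # Comments, blank lines and short lines pass through untouched.
        /^[ \t]*#/ || NF < 4 { if (mode == "fix") print; next }
        ($1 ~ pat || $2 ~ pat) {
            n = split($4, opts, ","); ok = 0
            # Options apply left to right, so a later "suid" cancels "nosuid".
            for (i = 1; i <= n; i++) {
                if (opts[i] == "nosuid") ok = 1
                else if (opts[i] == "suid") ok = 0
            }
            if (!ok && mode == "audit") print $1, $2, $4
            # Appending at the end makes nosuid the last word on the matter;
            # assigning to $4 rewrites the line with single-space separators.
            if (!ok && mode == "fix") $4 = $4 ",nosuid"
        }
        mode == "fix" { print }
    ' "$2"
}

# Demo on the constructed sample.
demo=$(mktemp) && sample_fstab > "$demo"
echo "Entries missing an effective nosuid:"
fstab_nosuid audit "$demo" "$REMOVABLE"
echo "Corrected copy:"
fstab_nosuid fix "$demo" "$REMOVABLE"
rm -f "$demo"
```

Review the corrected copy before installing it as `/etc/fstab`, and remount the affected partitions for the option to take effect.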
Rationale:
The presence of SUID and SGID executables should be tightly controlled. Allowing
users to introduce SUID or SGID binaries from partitions mounted off of
removable media would allow them to introduce their own highly-privileged programs.
Fix:
No Remediation Info
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30314 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31037 |