Add noexec Option to /dev/shm
The 'noexec' mount option can be used to prevent binaries
from being executed out of '/dev/shm'.
It can be dangerous to allow the execution of binaries
from world-writable temporary storage directories such as '/dev/shm'.
Add the 'noexec' option to the fourth column of '/etc/fstab' for the line which controls mounting of '/dev/shm'.
Rationale:
Allowing users to execute binaries from world-writable directories
such as '/dev/shm' can expose the system to potential compromise.
Fix:
No Remediation Info
oval:org.secpod.oval:def:30369
oval:org.secpod.oval:def:31092
SCAP Repo OVAL Definition
2015-11-13