Add noexec Option to /dev/shm The 'noexec' mount option can be used to prevent binaries from being executed out of '/dev/shm'. It can be dangerous to allow the execution of binaries from world-writable temporary storage directories such as '/dev/shm'. Add the 'noexec' option to the fourth column of '/etc/fstab' for the line which controls mounting of '/dev/shm'. Rationale: Allowing users to execute binaries from world-writable directories such as '/dev/shm' can expose the system to potential compromise. Fix: No Remediation Info oval:org.secpod.oval:def:30369 oval:org.secpod.oval:def:31092 SCAP Repo OVAL Definition 2015-11-13