Information
The nosuid mount option specifies that the filesystem cannot contain setuid files.
Rationale:
Setting this option on a file system prevents users from introducing privileged programs onto the system and allowing non-root users to execute them.
Solution
Edit the /etc/fstab file and add nosuid to the fourth field (mounting options) for the /dev/shm partition. See the fstab(5) manual page for more information.
Run the following command to remount /dev/shm:
# mount -o remount,nosuid /dev/shm
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv6|13, CSCv7|5.1
Control ID: 74214f9e487cd1f83318ea697e721ae6888b1c53f9dbf4510ee21c1ba91dd764