CME-502

noexec on /tmp and /dev/shm

Description

Mounts /tmp and /dev/shm with the noexec option, so that binaries or scripts an attacker drops into these temporary directories, which are commonly used as staging areas, cannot be executed directly from them. The option denies direct execution of files on the mount; it does not stop an already installed interpreter from reading a script stored there, so it should be combined with other controls rather than relied on alone.

CVSS Vector Impacts

Metric                  Transition   Rationale
Attack Complexity (AC)  L → H        Attacker cannot execute payloads from common writable directories

CWE Relationships

Verification

Check mount options for /tmp and /dev/shm

$ mount | grep ' on /tmp ' | grep -w noexec
# Expected: a line containing noexec (no output means /tmp is either not a separate mount or lacks noexec)
Platform: linux
$ mount | grep ' on /dev/shm ' | grep -w noexec
# Expected: a line containing noexec
Platform: linux
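The check above can be made exact by parsing /proc/mounts field by field instead of substring-matching mount output (a plain grep for /tmp also matches /var/tmp). The script below is an added example, not part of this CME entry or any reference implementation; the sample mounts file and the fstab line it mentions are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify noexec on a mount point by parsing /proc/mounts.
# /proc/mounts fields: device mountpoint fstype options dump pass
# A typical hardened /etc/fstab line (assumed form) would be:
#   tmpfs /tmp tmpfs defaults,nosuid,nodev,noexec 0 0

# mount_has_noexec MOUNTPOINT [MOUNTS_FILE]
# Returns 0 if noexec is set, 1 if mounted without it, 2 if MOUNTPOINT is
# not a mount point at all (e.g. /tmp still lives on the root filesystem).
mount_has_noexec() {
  mp=$1
  mounts=${2:-/proc/mounts}
  # Exact match on field 2; the last matching line wins because a later
  # mount can shadow an earlier one on the same path.
  opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$mounts")
  [ -n "$opts" ] || return 2
  case ",$opts," in
    *,noexec,*) return 0 ;;
    *)          return 1 ;;
  esac
}

# check_staging_dirs [MOUNTS_FILE]: report both directories from this entry.
# Returns 0 only when every directory is its own mount and carries noexec.
check_staging_dirs() {
  rc=0
  for mp in /tmp /dev/shm; do
    if mount_has_noexec "$mp" "$1"; then
      echo "$mp: noexec set"
    else
      echo "$mp: noexec MISSING (or not a separate mount)"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample of /proc/mounts for an offline demonstration:
# /dev/shm is hardened, /var/tmp would fool a substring grep, /tmp is not.
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/vda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
EOF
check_staging_dirs "$SAMPLE_MOUNTS" || echo "result: staging directories not fully hardened"
rm -f "$SAMPLE_MOUNTS"
```

Run it without arguments against the live system by calling `check_staging_dirs` with no file, which makes the function read /proc/mounts.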

References
