Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-936 | GEN005900 | SV-37860r1_rule | ECPA-1 | Medium |
Description |
---|
Enabling the nosuid mount option prevents the system from granting owner or group-owner privileges to programs with the suid or sgid bit set. If the system does not restrict this access, users with unprivileged access to the local system may be able to acquire privileged access by executing suid or sgid files located on the mounted NFS file system. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2013-07-03 |
Check Text ( C-37069r1_chk ) |
---|
Check the system for NFS mounts not using the "nosuid" option. Procedure: # mount -v | grep " type nfs " | egrep -v "nosuid" If the mounted file systems do not have the "nosuid" option, this is a finding. |
Fix Text (F-32336r1_fix) |
---|
Edit "/etc/fstab" and add the "nosuid" option for all NFS file systems. Remount the NFS file systems to make the change take effect. |