nosuid mount option is not enabled for /var/tmp directory
Description
Setuid, which stands for set user ID on execution, is a special type of file permission in Linux. When an executable file's setuid permission is set by the file owner, other users may execute that program with a level of access that matches the user who owns the file. The /var/tmp directory is world-writable, so it can be accessed by all users. Therefore, it is recommended to enable the nosuid mount option for the /var/tmp directory, so that /var/tmp cannot contain effective setuid files.
Severity
important
Category
Linux - Mounting Options Security
Resolution
Follow the steps below to resolve the misconfiguration.
Edit the /etc/fstab file and add nosuid to the fourth field (mount options) for the /var/tmp partition.
Run the following command to remount /var/tmp:
mount -o remount,nosuid /var/tmp
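The following is an added verification script, not part of the original page: it parses /proc/mounts-style lines and reports whether a given mount point carries nosuid. It runs against a constructed sample mounts file so it works offline; point it at the real /proc/mounts (the default) to audit a live system after the remount above.

```shell
#!/bin/sh
# has_nosuid <mountpoint> [mounts-file]
#   exit 0 -> mountpoint is mounted with nosuid
#   exit 1 -> mountpoint found but nosuid is missing
#   exit 2 -> mountpoint is not a separate mount at all
# Field layout of /proc/mounts: device mountpoint fstype options dump pass
has_nosuid() {
    mp=$1
    file=${2:-/proc/mounts}
    awk -v mp="$mp" '
        $2 == mp {
            found = 1
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "nosuid") ok = 1
        }
        END { if (!found) exit 2; exit ok ? 0 : 1 }
    ' "$file"
}

# Constructed sample (not a real system): /var/tmp lacks nosuid, /tmp has it.
SAMPLE_MOUNTS=$(mktemp)
trap 'rm -f "$SAMPLE_MOUNTS"' EXIT
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /var/tmp ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
EOF

# Example fstab line that would persist the fix across reboots (device name assumed):
#   /dev/sda3  /var/tmp  ext4  defaults,nosuid  0 2
if has_nosuid /var/tmp "$SAMPLE_MOUNTS"; then
    echo "/var/tmp: nosuid is set"
else
    echo "/var/tmp: nosuid is MISSING; fix /etc/fstab and run: mount -o remount,nosuid /var/tmp"
fi
```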
Potential issues that may arise after applying the resolution
Altering the existing security setting may have the following impact on your network operations.
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.