Add nosuid Option to Removable Media Partitions
ID: oval:org.secpod.oval:def:25991 | Date: (C)2015-08-21 (M)2023-07-04 |
Class: COMPLIANCE | Family: unix |
The nosuid mount option prevents set-user-identifier (suid) and set-group-identifier (sgid) permissions from taking effect. These permissions allow users to execute binaries with the same permissions as the owner and group of the file, respectively. Users should not be allowed to introduce suid and sgid files into the system via partitions mounted from removable media.
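One way to audit this setting, as an added example that is not part of the OVAL definition itself: the script reads fstab-format text and reports removable-media entries whose option list lacks an exact `nosuid` token. The device name patterns and the sample fstab are assumptions constructed for illustration; entries referenced by UUID or LABEL are not matched.

```shell
#!/bin/sh
# Added example: list removable-media fstab entries that lack nosuid.
# Assumption: "removable" means the device name patterns used below;
# adjust them to the devices actually present at your site.

# Constructed sample fstab (not taken from a real system).
sample_fstab() {
cat <<'EOF'
# device        mountpoint     type     options                 dump pass
/dev/sda1       /              ext4     defaults                1 1
/dev/sr0        /media/cdrom   iso9660  ro,noauto,nosuid,nodev  0 0
/dev/fd0        /media/floppy  vfat     noauto,user             0 0

/dev/cdrom      /mnt/cd        udf      ro,noauto,nosuidx       0 0
EOF
}

# Reads fstab-format text on stdin and prints the mount point of every
# removable-media entry whose options do not contain the token "nosuid".
# Options are split on commas and compared exactly, so a look-alike
# such as "nosuidx" does not count as compliant.
missing_nosuid() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }          # skip comments, blank/short lines
        $1 ~ /^\/dev\/(sr[0-9]+|cdrom|dvd|floppy|fd[0-9]+)/ {
            n = split($4, opts, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == "nosuid") found = 1
            if (!found) print $2
        }
    '
}

# Demonstration on the constructed sample.
sample_fstab | missing_nosuid
```

On a live system the same function can be fed `/etc/fstab`, or `/proc/mounts` to check what is currently mounted, since both use the same field order.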