Why /dev/shm folder structure has world write access?

Why /dev/shm folder structure has world write access?

At couple of customer sites, internal technical audit tools are complaining about the world-level read/write access to /dev/shm/.flexnetFS file system.

The ask is if that's necessary and can not be avoided?

Report:

SoC ID: 3.65-9/2.0 No world writable files may exist.
World writable files are files that can be accessed by all users of a system. Such files must be identified and the rights of the corresponding files must be adjusted to an adequate level.
Motivation: Data in world writable files can be read, changed and possibly compromised by any user of a system.
The following threats are relevant to this requirement:
Unauthorized viewing or access to data
Unauthorized modification of data
command to check:
find / -type f ! -path "/proc/" ! -path "/sys/" ( -perm -o+w ) -exec ls -adl {} \;
rw-rw-rw. 1 nuance nuance 0 Feb 24 11:26 /dev/shm/.flexnetfs
Please check the access rights of this file and if this can be subject of change to meet the requirements. 

 

 Answer:

 

/dev/shm/.flexnetFS is a lock-file located in transitory shared memory. It is used in the initialization and maintenance of the FlexNet file-system.
Any Flexnet-enabled process, owned by any user, could potentially access or recreate this lock-file.


Typically it contains no content but would not be affected even if the content were added. If deleted, it will simply be regenerated by the next Flexnet-enabled process that tries to access it. For that reason, it is required to have full-world access and poses no security risk.

 

Also, it is important to note that FNP is having its own bespoke security protocols that do not rely on the host operating-system's native user privileges/file permissions.

 

Tags (2)
Was this article helpful? Yes No
No ratings
Version history
Revision #:
1 of 1
Last update:
‎Mar 11, 2021 03:56 AM
Updated by:
 
Contributors