- Revenera Community
- :
- FlexNet Publisher
- :
- FlexNet Publisher Knowledge Base
- :
- Why /dev/shm folder structure has world write access?
- Mark as New
- Mark as Read
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Why /dev/shm folder structure has world write access?
Why /dev/shm folder structure has world write access?
At couple of customer sites, internal technical audit tools are complaining about the world-level read/write access to /dev/shm/.flexnetFS file system.
The ask is if that's necessary and can not be avoided?
Report:
SoC ID: 3.65-9/2.0 No world writable files may exist. World writable files are files that can be accessed by all users of a system. Such files must be identified and the rights of the corresponding files must be adjusted to an adequate level. Motivation: Data in world writable files can be read, changed and possibly compromised by any user of a system. The following threats are relevant to this requirement: Unauthorized viewing or access to data Unauthorized modification of data command to check: find / -type f ! -path "/proc/" ! -path "/sys/" ( -perm -o+w ) -exec ls -adl {} \; rw-rw-rw. 1 nuance nuance 0 Feb 24 11:26 /dev/shm/.flexnetfs Please check the access rights of this file and if this can be subject of change to meet the requirements.
Answer:
/dev/shm/.flexnetFS is a lock-file located in transitory shared memory. It is used in the initialization and maintenance of the FlexNet file-system.
Any Flexnet-enabled process, owned by any user, could potentially access or recreate this lock-file.
Typically it contains no content but would not be affected even if the content were added. If deleted, it will simply be regenerated by the next Flexnet-enabled process that tries to access it. For that reason, it is required to have full-world access and poses no security risk.
Also, it is important to note that FNP is having its own bespoke security protocols that do not rely on the host operating-system's native user privileges/file permissions.