Information
The /dev/shm directory is a world-writable directory that can function as shared memory that facilitates inter process communication (IPC).
Making /dev/shm its own file system allows an administrator to set additional mount options such as the noexec option on the mount, making /dev/shm useless for an attacker to install executable code. It would also prevent an attacker from establishing a hard link to a system setuid program and wait for it to be updated. Once the program was updated, the hard link would be broken and the attacker would have his own copy of the program. If the program happened to have a security vulnerability, the attacker could continue to exploit the known flaw.
This can be accomplished by mounting tmpfs to /dev/shm
Solution
For specific configuration requirements of the /dev/shm mount for your environment, modify /etc/fstab
Example of using tmpfs with specific mount options:
tmpfs /dev/shm tmpfs defaults,rw,nosuid,nodev,noexec,relatime,size=2G 0 0
Impact:
Since the /dev/shm directory is intended to be world-writable, there is a risk of resource exhaustion if it is not bound to a separate partition.
/dev/shm utilizing tmpfs can be resized using the size={size} parameter in the relevant entry in /etc/fstab