4.1 Restrict Core Dumps - 'hard core 0'

Information

A core dump is a snapshot of a process's memory, written to disk when the process
terminates abnormally. It is generally used to determine why a program aborted, but
because it contains whatever the process held in memory (passwords, keys, session
tokens, decrypted data), it can also be used to glean confidential information from the
core file. The system provides the ability to set a soft limit for core dump size, but a
user can raise their own soft limit (for example with ulimit -c) up to the hard limit.

*Rationale*

Setting the hard limit for core dumps to 0 caps the soft limit: users may lower their
soft limit but cannot raise it above the hard value, so no core files are written. If core
dumps are required for some users, consider setting limits per group rather than globally
(see limits.conf(5)). In addition, setting the fs.suid_dumpable kernel variable to 0
prevents setuid programs, whose memory may contain privileged data, from dumping core.
The apport service, if active, overrides the fs.suid_dumpable setting and automatically
creates core dump reports. The whoopsie service monitors apport core dump reports and
transmits them to Canonical.

Solution

Add the following line to the /etc/security/limits.conf file (it takes effect for new
login sessions via pam_limits):

* hard core 0

Add the following line to the /etc/sysctl.conf file, then run sysctl -p (or reboot) to
apply it to the running kernel:

fs.suid_dumpable = 0

Uninstall the apport and whoopsie packages, or comment out any start lines in the
/etc/init/apport.conf and /etc/init/whoopsie.conf files so they read:

#start on runlevel [2345]
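The three remediation steps above are easy to get half right (a soft limit instead of a hard one, or a later sysctl.conf entry silently overriding the earlier one). The following audit helper, an added example and not part of the CIS benchmark or the Tenable plugin, checks each setting the way the control expects. The file paths are parameters, so the functions can be pointed at the real /etc/security/limits.conf, /etc/sysctl.conf and /etc/init/*.conf on a host; the sample files built at the bottom are constructed for illustration and are not real system files.

```shell
#!/bin/sh
# Added example: offline audit helper for the "hard core 0" control.
# Not from the CIS benchmark; function names and sample files are this example's own.

# Returns 0 if FILE has an active (uncommented) "* hard core 0" entry.
# limits.conf fields are whitespace-separated: <domain> <type> <item> <value>.
limits_has_hard_core_zero() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blank lines
        $1 == "*" && $2 == "hard" && $3 == "core" && $4 == "0" { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Returns 0 if the LAST uncommented fs.suid_dumpable assignment in FILE is 0.
# sysctl applies entries in order, so a later "fs.suid_dumpable = 2" wins over
# an earlier "= 0"; checking only for the presence of "= 0" would miss that.
sysctl_conf_suid_dumpable_zero() {
    awk -F= '
        /^[[:space:]]*[#;]/ || /^[[:space:]]*$/ { next }
        {
            key = $1; val = $2
            gsub(/[[:space:]]/, "", key); gsub(/[[:space:]]/, "", val)
            if (key == "fs.suid_dumpable") last = val
        }
        END { exit (last == "0" ? 0 : 1) }
    ' "$1"
}

# Returns 0 if the running kernel currently has fs.suid_dumpable=0 (live check,
# complements the config-file check above; apport can change this at boot).
running_suid_dumpable_zero() {
    [ -r /proc/sys/fs/suid_dumpable ] && [ "$(cat /proc/sys/fs/suid_dumpable)" = "0" ]
}

# Returns 0 if an upstart job file has no active "start on" stanza, i.e. every
# "start on ..." line is commented out. A missing file (package uninstalled)
# also counts as disabled, which is the other remediation the control allows.
upstart_job_disabled() {
    ! grep -Eq '^[[:space:]]*start[[:space:]]+on' "$1" 2>/dev/null
}

# --- Constructed sample inputs (not real system files) so this runs offline ---
tmpd=$(mktemp -d)
limits_good="$tmpd/limits.conf"
cat > "$limits_good" <<'EOF'
# /etc/security/limits.conf
#<domain>      <type>  <item>         <value>
*               hard    core            0
EOF
limits_weak="$tmpd/limits-weak.conf"
cat > "$limits_weak" <<'EOF'
# soft limit only: any user can raise it again with "ulimit -c unlimited"
*               soft    core            0
EOF
sysctl_good="$tmpd/sysctl.conf"
printf 'fs.suid_dumpable = 0\n' > "$sysctl_good"
sysctl_weak="$tmpd/sysctl-weak.conf"
printf 'fs.suid_dumpable = 0\n# later entry wins when sysctl -p runs\nfs.suid_dumpable = 2\n' > "$sysctl_weak"
apport_off="$tmpd/apport.conf"
printf 'description "automatic crash report generation"\n#start on runlevel [2345]\n' > "$apport_off"
apport_on="$tmpd/apport-on.conf"
printf 'description "automatic crash report generation"\nstart on runlevel [2345]\n' > "$apport_on"

# Report each check as PASS/FAIL; the function name and argument form the label.
report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi; }
report limits_has_hard_core_zero "$limits_good"
report limits_has_hard_core_zero "$limits_weak"
report sysctl_conf_suid_dumpable_zero "$sysctl_good"
report sysctl_conf_suid_dumpable_zero "$sysctl_weak"
report upstart_job_disabled "$apport_off"
report upstart_job_disabled "$apport_on"
report running_suid_dumpable_zero
echo "current shell hard core limit (ulimit -H -c): $(ulimit -H -c)"
```

On a real host, replace the sample paths with /etc/security/limits.conf, /etc/sysctl.conf and /etc/init/apport.conf and /etc/init/whoopsie.conf. The live checks (running_suid_dumpable_zero and ulimit -H -c) are what matter for the current state; the file checks tell you whether the setting survives a reboot or a new login.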

See Also

https://workbench.cisecurity.org/files/91

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10)

Plugin: Unix

Control ID: a150b5fc9c786d2c08808b5cc275283d40a0a5e70b7b448a5b4be765d728925e