5.3 Disabling Core Dumps

Core dumps can contain information that an attacker might be able to exploit (memory contents such as credentials or keys), and they take up a large amount of disk space. To prevent the system from creating core dumps when the operating system terminates a program because of a segmentation violation or other unexpected error, add the following line to /etc/security/limits.conf:

*  hard  core  0

You can restrict access to core dumps to certain users or groups, as described in the limits.conf(5) manual page.

By default, the system prevents setuid and setgid programs, programs that have changed credentials, and programs whose binaries do not have read permission from dumping core. To ensure that the setting is permanently recorded, add the following lines to /etc/sysctl.conf:

# Disallow core dumping by setuid and setgid programs
fs.suid_dumpable = 0

and then run the sysctl -p command.

Note

A value of 1 permits core dumps that are readable by the owner of the dumping process. A value of 2 permits core dumps that are readable only by root for debugging purposes.
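The following audit script is an added example, not part of the guide: it checks a limits.conf-style file for the wildcard hard core limit of 0 and a sysctl.conf-style file for fs.suid_dumpable = 0, using constructed sample files so it can be run offline. The function names and the sample files are assumptions; by default the functions read the real /etc/security/limits.conf and /etc/sysctl.conf.

```shell
#!/bin/sh
# Added audit helper, not from the guide: checks a limits.conf-style file for a
# wildcard hard core limit of 0 and a sysctl.conf-style file for fs.suid_dumpable = 0.
# Paths default to the real files; pass another path to check a sample.

# Succeeds when an uncommented line sets "* hard core 0" (or "* - core 0",
# since the "-" type sets both the soft and hard limit).
core_limit_disabled() {
    awk '
        /^[[:space:]]*#/ || NF < 4 { next }
        $1 == "*" && ($2 == "hard" || $2 == "-") && $3 == "core" && $4 == "0" { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "${1:-/etc/security/limits.conf}"
}

# Succeeds when the last uncommented fs.suid_dumpable assignment is 0
# (sysctl -p applies the file top to bottom, so a later line overrides an earlier one).
suid_dumpable_disabled() {
    awk -F '=' '
        /^[[:space:]]*#/ { next }
        { key = $1; gsub(/[[:space:]]/, "", key)
          if (key == "fs.suid_dumpable") { val = $2; gsub(/[[:space:]]/, "", val) } }
        END { exit (val == "0" ? 0 : 1) }
    ' "${1:-/etc/sysctl.conf}"
}

# Constructed sample files so the checks can be exercised offline.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/limits.conf" <<'EOF'
# constructed sample limits.conf
*  soft  nproc  4096
*  hard  core  0
EOF
cat > "$SAMPLE_DIR/sysctl.conf" <<'EOF'
# constructed sample: the later assignment overrides the earlier one
fs.suid_dumpable = 2
fs.suid_dumpable = 0
EOF
cat > "$SAMPLE_DIR/sysctl-weak.conf" <<'EOF'
# constructed sample: owner-readable dumps from setuid programs still allowed
fs.suid_dumpable = 1
EOF

core_limit_disabled "$SAMPLE_DIR/limits.conf" && echo "limits.conf: hard core limit is 0"
suid_dumpable_disabled "$SAMPLE_DIR/sysctl.conf" && echo "sysctl.conf: fs.suid_dumpable is 0"
suid_dumpable_disabled "$SAMPLE_DIR/sysctl-weak.conf" || echo "sysctl-weak.conf: fs.suid_dumpable is not 0"
```

The script checks only the files the guide names; settings placed in other files that sysctl may also read, and per-user or per-group limits lines, are outside its scope.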