The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
Core dumps can contain information that an attacker might be able to exploit and they take
up a large amount of disk space. To prevent the system creating core dumps when the operating
system terminates a program due to a segment violation or other unexpected error, add the
following line to
/etc/security/limits.conf
:
* hard core 0
You can restrict access to core dumps to certain users or groups, as described in the
limits.conf(5)
manual page.
By default, the system prevents setuid
and setgid
programs, programs that have changed credentials, and programs whose binaries do not have read
permission from dumping core. To ensure that the setting is permanently recorded, add the
following lines to
/etc/sysctl.conf
:
# Disallow core dumping by setuid and setgid programs fs.suid_dumpable = 0
and then run the sysctl -p command.
A value of 1 permits core dumps that are readable by the owner of the dumping process. A value
of 2 permits core dumps that are readable only by root
for debugging
purposes.