{"description": "To set the runtime status of the <code>fs.suid_dumpable</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w fs.suid_dumpable=0</pre>\nTo make sure that the setting is persistent, add the following line to a file in the directory <tt>/etc/sysctl.d</tt>: <pre>fs.suid_dumpable = 0</pre>", "rationale": "The core dump of a setuid program is more likely to contain\nsensitive data, as the program itself runs with greater privileges than the\nuser who initiated execution of the program.  Disabling the ability for any\nsetuid program to write a core file decreases the risk of unauthorized access\nto such data.", "severity": "medium", "references": {"hipaa": ["164.308(a)(1)(ii)(D)", "164.308(a)(3)", "164.308(a)(4)", "164.310(b)", "164.310(c)", "164.312(a)", "164.312(e)"], "nist": ["SI-11(a)", "SI-11(b)"], "anssi": ["R14"], "cis": ["1.5.3"], "pcidss4": ["3.3.1.1", "3.3.1", "3.3"]}, "control_references": {"anssi": ["R14"], "cis": ["1.5.3"], "pcidss4": ["3.3.1.1", "3.3.1", "3.3"]}, "components": [], "identifiers": {}, "ocil_clause": "the correct value is not returned", "ocil": "The runtime status of the <code>fs.suid_dumpable</code> kernel parameter can be queried\nby running the following command:\n<pre>$ sysctl fs.suid_dumpable</pre>\nThe output of the command should indicate a value of <code>0</code>.\n", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "sysctl_fs_suid_dumpable.sh", "relative_path": "ubuntu2204/checks/sce/sysctl_fs_suid_dumpable.sh"}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Disable Core Dumps for SUID programs", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml", "template": {"name": "sysctl", "vars": {"sysctlvar": "fs.suid_dumpable", "sysctlval": "0", "datatype": "int"}, "backends": {}}}