Profile Applicability:
• Level 1
Description:
Core dumps capture the memory state of a process when it crashes, including backtraces. Backtraces in core dumps can reveal sensitive information such as memory addresses and program flow, which attackers could exploit.
Rationale:
Disabling backtraces in core dumps helps prevent leakage of sensitive runtime information, reducing the risk of information disclosure vulnerabilities.
Impact:
Pros:
Protects sensitive memory and debugging information from exposure.
Reduces attack surface related to core dump analysis.
Cons:
May limit debugging capabilities during crash investigations.
Default Value:
By default, core dumps with backtraces may be enabled depending on system configuration.
Pre-requisites:
Root or sudo privileges to configure system core dump settings.
Remediation:
Test Plan:
Using Linux command line:
- Check the current core dump backtrace setting (example for systemd-coredump):
coredumpctl info | grep Backtrace
Verify that backtraces are disabled in core dumps.
Implementation Plan:
Using Linux command line:
1. Configure the system to disable core dump backtraces. For systems using systemd-coredump, edit /etc/systemd/coredump.conf and set, in the [Coredump] section:
[Coredump]
Backtrace=no
2. Restart the systemd-coredump service or reboot:
systemctl restart systemd-coredump
3. Confirm configuration is active.
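An added audit helper, not part of the benchmark or of systemd's own tooling, that supports both the Test Plan check and step 3 of the Implementation Plan: it reads a coredump.conf-style file and reports the effective Backtrace= value in the [Coredump] section, honouring comment lines, section boundaries and the last-assignment-wins rule of INI-style files. The key name Backtrace comes from this page; the function names and the three sample configuration files are constructed for the example.

```shell
#!/bin/sh
# Added example: audit the effective "Backtrace=" value in the [Coredump]
# section of a coredump.conf-style file. Not the benchmark's own script.
# Assumptions: INI-style file as shown on the page; key name "Backtrace"
# taken from the page; sample files below are constructed for this demo.

# Print the effective Backtrace= value from the [Coredump] section of $1.
# Comment lines (# or ;) are ignored, keys in other sections are ignored,
# and a later assignment overrides an earlier one. Prints "unset" when the
# key never appears (or is empty) in [Coredump].
coredump_backtrace_setting() {
    awk '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[/ {                                # section header
            gsub(/[ \t]/, "")
            in_section = ($0 == "[Coredump]")
            next
        }
        in_section && /^[ \t]*Backtrace[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")                 # drop "Backtrace ="
            sub(/[ \t]*$/, "")                       # drop trailing blanks
            value = $0
        }
        END { print (value == "" ? "unset" : value) }
    ' "$1"
}

# Exit status 0 when the file disables backtraces, 1 otherwise.
# An unset key is treated as a finding, since the default may enable them.
backtrace_disabled() {
    case "$(coredump_backtrace_setting "$1" | tr 'A-Z' 'a-z')" in
        no|false|0|off) return 0 ;;
        *)              return 1 ;;
    esac
}

# Constructed sample configurations (not real system files).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '[Coredump]\nBacktrace=no\n'                          > "$tmp/hardened.conf"
printf '[Coredump]\n#Backtrace=no\n[Other]\nBacktrace=no\n'  > "$tmp/commented.conf"
printf '[Coredump]\nBacktrace=yes\nBacktrace = no\n'         > "$tmp/override.conf"

for f in hardened commented override; do
    if backtrace_disabled "$tmp/$f.conf"; then
        echo "$f.conf: PASS (Backtrace=$(coredump_backtrace_setting "$tmp/$f.conf"))"
    else
        echo "$f.conf: FAIL (Backtrace=$(coredump_backtrace_setting "$tmp/$f.conf"))"
    fi
done
```

The function inspects one file at a time; on a real host run it against /etc/systemd/coredump.conf and, because systemd also reads drop-in files from /etc/systemd/coredump.conf.d/*.conf, against each drop-in as well, treating the last file processed as authoritative for the key.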
Backout Plan:
Using Linux command line:
- Re-enable backtraces by setting:
Backtrace=yes
Restart the systemd-coredump service.
Verify backtrace inclusion in core dumps.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
systemd-coredump Documentation