
Disable support for /proc/kcore

An XCCDF Rule

Description

The CONFIG_PROC_KCORE option provides a virtual ELF core file of the live kernel. The configuration that was used to build the kernel is available at /boot/config-*. To check the configuration value for CONFIG_PROC_KCORE, run the following command:

    grep CONFIG_PROC_KCORE /boot/config-*

Options with value 'n' are not explicitly set in the file, so the command should return either commented-out lines or no lines at all.

Warning

There is no remediation for this besides re-compiling the kernel with the appropriate value for the config.
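A scripted form of the check from the Description, added here as an example and not part of the rule's own content: it treats a commented-out line or a missing line as compliant and only an active `CONFIG_PROC_KCORE=y` as a finding. The function names, the exit codes and the `--audit` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: evaluate CONFIG_PROC_KCORE in kernel build configs.

# check_proc_kcore FILE
#   returns 0 if the option is disabled (commented out or absent),
#           1 if the file contains an active CONFIG_PROC_KCORE=y,
#           2 if the file cannot be read.
check_proc_kcore() {
    [ -r "$1" ] || return 2
    # Only an uncommented assignment counts; "# CONFIG_PROC_KCORE is not set"
    # does not start with the option name and therefore does not match.
    if grep -q '^CONFIG_PROC_KCORE=y' "$1"; then
        return 1
    fi
    return 0
}

# audit_configs [DIR]
#   checks every DIR/config-* file (default /boot), prints one line per file
#   and returns the worst status seen; 2 if no config file exists at all.
audit_configs() {
    dir=${1:-/boot}
    worst=0
    seen=0
    for cfg in "$dir"/config-*; do
        [ -e "$cfg" ] || continue   # an unmatched glob stays literal
        seen=1
        rc=0
        check_proc_kcore "$cfg" || rc=$?
        case $rc in
            0) echo "PASS  $cfg" ;;
            1) echo "FAIL  $cfg (CONFIG_PROC_KCORE=y)" ;;
            *) echo "ERROR $cfg (unreadable)" ;;
        esac
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "ERROR no config-* files in $dir"
        return 2
    fi
    return "$worst"
}

# Run only when asked, so the file can also be sourced: ./script --audit [DIR]
if [ "${1:-}" = "--audit" ]; then
    audit_configs "${2:-/boot}"
    exit $?
fi
```

A FAIL for an installed but not running kernel still matters if that kernel can be booted; compare against `uname -r` to see which config belongs to the live kernel.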

Rationale

This feature exposes memory to userspace and can assist an attacker in discovering attack vectors.

ID
xccdf_org.ssgproject.content_rule_kernel_config_proc_kcore
Severity
Low