Verify the dump path only if dumpable is set to suidsafe

artem-sidorenko · artem-sidorenko · commit e3df2dbb136d · 2017-03-13T19:56:44.000+01:00
See this discussion 790371c#commitcomment-21277650
diff --git a/controls/sysctl_spec.rb b/controls/sysctl_spec.rb
@@ -317,14 +317,22 @@
   end
 end
 
-control 'sysctl-31' do
+control 'sysctl-31a' do
   impact 1.0
-  title 'Secure Core Dumps'
-  desc 'Ensure that core dumps can never be made by setuid programs or with fully qualified path'
+  title 'Secure Core Dumps - dump settings'
+  desc 'Ensure that core dumps can never be made by setuid programs'
 
   describe kernel_parameter('fs.suid_dumpable') do
     its(:value) { should cmp(/(0|2)/) }
   end
+end
+
+control 'sysctl-31b' do
+  impact 1.0
+  title 'Secure Core Dumps - dump path'
+  desc 'Ensure that core dumps are done with fully qualified path'
+  only_if { kernel_parameter('fs.suid_dumpable').value == 2 }
+
   describe kernel_parameter('kernel.core_pattern') do
     its(:value) { should match %r{^/.*} }
   end
