Subject: Re: core dump
From: Bluefish (11aGMX.NET)
Date: Fri Jul 14 2000 - 03:01:38 CDT


Coredumps contain useful information about what error has occurred; as an
example, if someone overflows with lots of A (0x41), the coredump will
show that the stack contains a lot of 0x41. If it was possible to modify
the return address, it will show that execution broke at a jump to
0x41414141.

Coredumping is an important debugging feature. It can be disabled in live
systems by modifying limits, or made unreadable by others than the
"creator" by changing the umask.

Sites which are considered security critical should probably disable
coredumps, as they may contain critical data (as in a somewhat recent
example in vuln-dev where an ftp-client kept the password in memory and
then coredumped).

Although I haven't used coredumps in my development (not done so much
programming in the unix environment) I consider them an important
feature which should be implemented in other operating systems as well.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

On Thu, 13 Jul 2000, mount ararat blossom wrote:

> hi folks,
> i do not know if this has been asked before but if so, sorry.
> my question is that i am new into the topic of vulnerability development
> world and i really wonder why unix like OS dumps core files and what is the
> importance of it.
> thanks
>
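An added example, not part of the original message or thread: one way a security-critical program can apply the "modify limits" advice from inside its own process, by setting the core-file size limit to zero with `setrlimit`. The Linux-only `prctl` call and the `wipe` helper for clearing a password buffer are extras assumed here, and the password string is a constructed sample.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/resource.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Set the core-file size limit to zero for this process and its children.
 * Zeroing the hard limit as well means an unprivileged process cannot
 * raise it again. Returns 0 on success, -1 on failure. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
#ifdef __linux__
    /* Linux-specific extra (not from the message): mark the process
     * non-dumpable so the kernel writes no core for it. */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
#endif
    return 0;
}

/* Returns 1 when both the soft and hard core limits are zero. */
int core_dumps_disabled(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return 0;
    return rl.rlim_cur == 0 && rl.rlim_max == 0;
}

/* Overwrite a secret once it is no longer needed; the volatile pointer
 * keeps the compiler from optimising the stores away. */
void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

int main(void)
{
    char password[32] = "constructed-sample-password"; /* constructed sample */
    if (disable_core_dumps() != 0) { perror("disable_core_dumps"); return 1; }
    /* ... authenticate with the password here ... */
    wipe(password, sizeof password);
    printf("core dumps disabled: %d\n", core_dumps_disabled());
    return 0;
}
```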