Re: Can executable file(can't read) still be coredumped in solaris ?

[alert7 <alert7 () xfocus org>]

hi all

        I also tested succeed on solaris 9 which patched lastest patch.(Kernel version: SunOS 5.9 Generic 118558-02 Jan 
2005).
        It coredumped a executable file which can NOT be read.i think this is a vulnerability.

> hi ,dear friends:
>
> I have tested succeed on solaris 8
> Executable file(can't read) can be coredumped . 
> Bug I don't know whether it is still exist or not.
>
>
> [alert7@Solaris8 solaris]$ uname -a
> SunOS Solaris8 5.8 Generic_108528-29 sun4u sparc SUNW,Ultra-5_10
>
> COREDUMP enable
> example
>
> [alert7@Solaris8 alert7]$ ls -la test
> --wx--x--x   1 root     pubcvs      6344 Aug 16 11:27 test
> [alert7@Solaris8 alert7]$ id
> uid=108(alert7) gid=102(pubcvs)
>
> [alert7@Solaris8 alert7]$ ps -ef|grep test
>   alert7   440   380  0 13:59:02 pts/2    0:00 ./test ff
> [alert7@Solaris8 alert7]$ kill -4 440
> [alert7@Solaris8 alert7]$ ./test ff
> Illegal Instruction (core dumped)
>
> [alert7@Solaris8 alert7]$ ls -la core
> -rw-------   1 alert7   pubcvs     72192 Aug 17 13:59 core
> [alert7@Solaris8 alert7]$ gdb -q -c core
> Core was generated by `./test ff'.
> Program terminated with signal 4, Illegal instruction.
> #0  0xff31b788 in ?? ()
>
> SIGQUIT
> SIGILL
> SIGTRAP
> SIGIOT
> SIGEMT
> SIGFPE
> SIGBUS
> SIGSEGV
> SIGSYS
> SIGXCPU
> SIGXFSZ
>
> these above signal also can cause process coredump if process not set signal handler

-- 
Best Regards
alert7 () xfocus org

XFOCUS Security Team
http://www.xfocus.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/