Vulnerability Development mailing list archives

Re: Core Dump as an Intrusion Event

From: Daniel Roesen <droesen () ENTIRE-SYSTEMS COM>
Date: Tue, 10 Oct 2000 10:59:15 +0200

On Sun, Oct 08, 2000 at 10:41:05PM +0300, Jarno Huuskonen wrote:

What about adding some code so it can be controlled thru the proc filesystem ?
Like enabling/disabling logging, log only certain programs etc.
(echo 1 > /proc/sys/kernel/core-logging)
Does this sound feasible/sensible ?


I'm working on this. Logging of coredumps (names core.<processname>.<pid>)
to syslog (via klogd) is already in place, it just needs the sysctl
interface.


Best regards,
Daniel

--
----------------------------------------------------------------------
entire systems GmbH         | droesen () entire-systems com
Internet Services           | Phone: +49 2624 9550-55
Ferbachstrasse 12           | Fax:   +49 2624 9550-20
D-56203 Hoehr-Grenzhausen   | http://www.entire-systems.com/
----------------------------------------------------------------------

Current thread:

Re: Core Dump as an Intrusion Event, (continued)
- - Re: Core Dump as an Intrusion Event Crist Clark (Oct 07)
  - Re: Core Dump as an Intrusion Event Kev (Oct 07)
  - Re: Core Dump as an Intrusion Event antirez (Oct 08)
    - Re: Core Dump as an Intrusion Event Jarno Huuskonen (Oct 08)
    - Re: Core Dump as an Intrusion Event Gigi Sullivan (Oct 09)
    - Re: Core Dump as an Intrusion Event Jarno Huuskonen (Oct 09)
    - Re: Core Dump as an Intrusion Event Gigi Sullivan (Oct 11)
    - Re: Core Dump as an Intrusion Event antirez (Oct 12)
    - Re: Core Dump as an Intrusion Event antirez (Oct 09)
    - Re: Core Dump as an Intrusion Event antirez (Oct 09)
    - Re: Core Dump as an Intrusion Event Daniel Roesen (Oct 10)
- Re: Core Dump as an Intrusion Event Michael Wojcik (Oct 07)