Vulnerability Development mailing list archives

Re: core dump


From: 11a () GMX NET (Bluefish)
Date: Fri, 14 Jul 2000 10:01:38 +0200


Coredumps contain useful information about what error has occurred; as an
example, if someone overflows with lots of A (0x41), the coredump will
show that the stack contains a lot of 0x41. If it was possible to modify
the return address, it will show that execution broke at a jump to
0x41414141.

Coredumping is an important debugging feature. It can be disabled in live
systems by modifying limits, or made unreadable by others than the
"creator" by changing the umask.

Sites which are considered security critical should probably disable
coredumps, as they may contain critical data (as in the somewhat recent
example in vuln-dev where an ftp-client kept the password in memory and
then coredumped).

Although I haven't used coredumps in my development (not done so much
programming in the unix environment) I consider them an important
feature which should be implemented in other operating systems as well.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

On Thu, 13 Jul 2000, mount ararat blossom wrote:

Hi folks,
I do not know if this has been asked before, but if so, sorry.
My question is that I am new to the topic of the vulnerability development
world and I really wonder why unix-like OSes dump core files and what the
importance of it is.
Thanks
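An added example (not part of the original post) of the limits-based approach the reply mentions: a process that holds secrets sets its core-size limit to zero, and a deliberately crashed child confirms that no core is produced. The function names are hypothetical, and the Linux-only `prctl(PR_SET_DUMPABLE, 0)` call is an addition the post does not mention.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif
#ifndef WCOREDUMP                  /* not in POSIX; fall back to the usual flag bit */
#define WCOREDUMP(s) ((s) & 0x80)
#endif

/* Forbid core files for this process and its children. Returns 0 on success. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };   /* soft and hard limit: 0 bytes */
    if (setrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
#ifdef __linux__
    /* Addition beyond the post: a core_pattern that pipes to a handler is not
     * bound by RLIMIT_CORE, so also clear the per-process dumpable flag. */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
#endif
    return 0;
}

/* Crash a hardened child; 1 if a core was produced, 0 if not, -1 on error. */
int hardened_child_dumps_core(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                /* child: harden, then crash on purpose */
        if (disable_core_dumps() == 0)
            abort();               /* constructed crash standing in for a real fault */
        _exit(2);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFSIGNALED(status))
        return -1;
    return WCOREDUMP(status) ? 1 : 0;
}

int main(void)
{
    printf("core produced by hardened child: %d\n", hardened_child_dumps_core());
    return 0;
}
```

Call `disable_core_dumps()` before any secret is read into memory; the zero hard limit is inherited across `fork` and `exec`, so helpers started afterwards are covered too.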


