Vulnerability Development mailing list archives
Re: core dump
From: ljb () OBSIDIAN CO ZA (Leon Breedt)
Date: Thu, 13 Jul 2000 14:55:10 +0200
mount ararat blossom (mount_ararat_blossom () HOTMAIL COM) spake thusly:
my question is that i am new into the topic of vulnerability development world and i really wonder why unix like OS dumps core files and what is the importance of it.
A core dump is a memory image of an application. When the application performs illegal memory accesses, it gets sent a SIGSEGV signal, aborts, and leaves a core file in its working directory (if you have enabled this feature with ulimit). This is useful for debugging a program, but can represent a security hole if the program had any kind of cleartext passwords in memory at the time the error occurred. If a program does this, its usually a case of programmer error (off-by-one, insufficient error checking, non-robust code). Regards, Leon. -- < Leon Breedt : ljb () debian org > < Developer, Obsidian Systems : http://obsidian.co.za >
Current thread:
- CASL & IP Options Gabe Kostolny (Jul 11)
- Re: CASL & IP Options Pedro Quintanilha (Jul 12)
- eEye Digital Security ports nmap to Windows NT Marc (Jul 13)
- Nokia 7110 Wap Browser Hole Aidan O'Kelly (Jul 13)
- core dump mount ararat blossom (Jul 13)
- Re: core dump Leon Breedt (Jul 13)
- Re: core dump Kev (Jul 13)
- Re: core dump Tymm Twillman (Jul 13)
- Re: core dump Bluefish (Jul 14)
- Denials of Service Attacks J. Oquendo (Jul 16)
- Re: Denials of Service Attacks Adam Muntner (Jul 18)
- Re: core dump Javier Abdul Córdoba Gándara (Jul 17)
- IIS anonymous user - who? Chris Erasmus (Jul 17)
- Re: IIS anonymous user - who? Bill Pennington (Jul 18)
- [Paper] Format bugs. Pascal Bouchareine (Jul 18)
- IE Script Vul. Frank Town (Jul 18)