Re: Solaris 2.3 login

Perry E. Metzger (perry@imsi.com)
Fri, 12 Aug 1994 10:41:10 -0400

jatipper@vnet.IBM.COM says:
> Can someone please explain what the security implications are if a
> program results in a coredump? I have discovered several programs here on
> my machines that can result in these.  How could an intruder use these to
> gain access?  What are the best ways of combatting this?

Any suid program that dumps core is a candidate for security holes for
several reasons.

1) The core file itself may contain privileged information that should
   not be available to the user. (Many versions of unix will not allow
   suid programs to leave core files for this and other reasons.)
2) The core file indicates that there is some data driven way to get
   the program to misbehave. Often, that means that if I can only set
   the parameters to the program properly with careful study, I can
   manage to get it to overwrite key memory locations and allow me to
   break security. The recent sendmail debug flag bug was of this
   form.

Perry
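As an added example (not from Perry's post or from any of the systems it mentions), here is the program-side counterpart of the OS rule alluded to in point 1: a privileged program can refuse to leave a core file by dropping its own RLIMIT_CORE to zero before it touches any input. The function names are my own; on Linux the optional prctl(PR_SET_DUMPABLE) call is added as well.

```c
/* Added example, not code from the original post. A suid program lowers its
 * own core-file limit to zero before it handles untrusted input, so a later
 * data-driven crash cannot leave a readable image of privileged memory behind. */
#include <stdio.h>
#include <sys/resource.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Set soft and hard RLIMIT_CORE to 0. Lowering a limit needs no privilege,
 * and once the hard limit is 0 the process cannot raise it again.
 * Returns 0 on success, -1 on failure. */
int disable_core_dumps(void)
{
    struct rlimit rl;
    rl.rlim_cur = 0;
    rl.rlim_max = 0;
    if (setrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
#ifdef __linux__
    /* Also mark the process non-dumpable, which covers core patterns that
     * pipe the dump to a helper rather than writing a file. */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
#endif
    return 0;
}

/* 1 if the soft core limit is 0 (a crash now writes no core file), else 0. */
int core_dumps_disabled(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return 0;
    return rl.rlim_cur == 0;
}

int main(int argc, char **argv)
{
    /* Order matters: drop the limit before any argument or input parsing,
     * which is where the data-driven misbehaviour of point 2 would occur. */
    if (disable_core_dumps() != 0) {
        perror("disable_core_dumps");
        return 1;
    }
    printf("core dumps disabled: %s\n", core_dumps_disabled() ? "yes" : "no");
    for (int i = 1; i < argc; i++)      /* untrusted input handled only now */
        printf("arg %d: %s\n", i, argv[i]);
    return 0;
}
```

The same effect is usually also enforced system-wide (the kernel refusing cores for suid processes, or a zero core limit in login defaults), but doing it in the program costs nothing and does not depend on the host's configuration.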