>From: John Tipper, Open Client/Server Group
>*** Resending note of 12/08/94 13:44
>Classification: -- NONE --
>Subject: Core Dumps
>
>Hi,
>
>I'm new to this area, and to bugtraq, so please bear with me if this note
>is in the wrong format, or doesn't belong here.
>
>Can someone please explain what the security implications are if a
>program results in a coredump? I have discovered several programs here on
>my machines that can result in these. How could an intruder use these to
>gain access? What are the best ways of combatting this?
>
>Thanks,

In the case with login, if login dumps there is a chance that you can get a
"page" from the shadow password in the dump; thus if you do this a few times
you can get a copy of the shadow password file.

Also it depends on the system. An old "get root quick" method was to do the
following:

    ls -s /etc/passwd ./core

then get something to dump core and it might overwrite a system file. If
your binary has a string that looks like a valid password line you might get
root. (This assumes the kernel core_dump function will follow links, which
is not the case under current versions of BSD.)

-Pete
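The two risks in the reply above (privileged memory leaking into a dump, and a dump landing somewhere a user controls) map onto a handful of host settings. The audit script below is an added example, not part of the thread; it assumes a Linux host with the /proc/sys knobs (the 1994 BSD controls differ) and reports findings from an unprivileged shell.

```shell
#!/bin/sh
# Added example (not from the original thread): audit the core-dump controls
# that limit the risks Pete describes. Assumes Linux /proc/sys paths.

# assess_core_settings <suid_dumpable> <core_pattern> <soft_core_limit>
# Prints one finding per line; prints nothing when the configuration is safe.
assess_core_settings() {
    suid_dumpable=$1
    core_pattern=$2
    core_limit=$3

    # fs.suid_dumpable != 0 lets set-uid programs (login, su, ...) dump core
    # together with their privileged memory: the shadow-page leak above.
    case "$suid_dumpable" in
        0) ;;
        *) echo "suid_dumpable=$suid_dumpable: privileged processes may dump secrets" ;;
    esac

    # A relative pattern such as "core" writes the dump into the process's
    # working directory, a location the invoking user chooses. A pipe handler
    # or an absolute root-owned directory keeps dumps out of user-controlled paths.
    case "$core_pattern" in
        \|*) ;;   # handed to a helper program, no file written by the kernel here
        /*)  ;;   # absolute path under a fixed directory
        *)   echo "core_pattern='$core_pattern': dumps land in the working directory" ;;
    esac

    # ulimit -c 0 disables dumps for the session entirely.
    if [ "$core_limit" != "0" ]; then
        echo "core limit=$core_limit: dumps are enabled for this session"
    fi
}

# Gather live values and assess them. Missing files read as "unknown",
# which is reported as a finding rather than silently passed.
audit_host() {
    sd=$(cat /proc/sys/fs/suid_dumpable 2>/dev/null || echo unknown)
    cp=$(cat /proc/sys/kernel/core_pattern 2>/dev/null || echo unknown)
    cl=$(ulimit -c)
    assess_core_settings "$sd" "$cp" "$cl"
}
```

Run `audit_host` interactively; an empty result means all three controls are in their restrictive setting.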