In <199408121258.HAA04845@freeside.fc.net> you write: Can someone please explain what the security implications are if a program results in a coredump? I have discovered several programs here on my machines that can result in these. How could an intruder use these to gain access? What are the best ways of combatting this? This first of all isn't much of an issue if the program is not running as a priveledged user. Of course if you can trick a priveledged user into running it, then... Overall though, it depends on why it's dropping core: if you can give it extra long input strings, etc. that cause it to drop core, then you can probably give it suitably formatted extra long input strings that cause it to execute a particular piece of code (i.e. exec a shell). This is the old fingerd-crack approach where you send a long string, overflow a buffer onto the stack, which makes the return address from strcpy or some such now return to the buffer, and execute it. This requires some knowledge of the program being executed, but can be figured out most easily from the core file it generates from a known long string... Other tricks involve making symlinks named core and causing various files to be scribbled on -- this generally gives denial of service attacks, but if for example your environment shows up early in the core file, you can stuff things in your environment that look a lot like password file entries, etc. I'm sure folks on the list here can come up with a few more specific examples, but that's the general gist of it. marc