Derek Martin wrote on 17 Mar 2007 05:05:49 +0100:

> How many people reading this thought of the core dump problem I just
> mentioned?

Well, if your operating system creates world-readable core dumps, you should report this as a security vulnerability, because it is indeed one (see http://www.securityfocus.com/bid/5737/info for instance).

Linux does explicitly set the core mode to 0600 in fs/exec.c:

# file = filp_open(corename,
#                  O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,
#                  0600);

And Solaris behaves in the same sane way.

Could it be that you too are somewhat ignorant in security matters?

-- 
Gaëtan LEURENT
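The fs/exec.c snippet quoted above creates the core file with O_CREAT | O_RDWR (the literal "2") | O_NOFOLLOW and mode 0600. The following C program is an added example, not part of the mail thread or of the kernel source: it reproduces that open call in user space, checks that the resulting file carries no group/other permission bits, and shows that O_NOFOLLOW refuses to write through a symlink placed where the core file would go. It assumes a Linux/POSIX system; the mode passed to open() is further restricted by the process umask, so the check tests for the absence of group/other bits rather than for exactly 0600. The temporary directory, file names and symlink target are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* O_LARGEFILE is a no-op on 64-bit builds and absent on some libcs. */
#ifndef O_LARGEFILE
#define O_LARGEFILE 0
#endif

/* Open a core-style file with the same flags and mode as the quoted
 * fs/exec.c call: create it, never follow a symlink in the last path
 * component, request mode 0600. Returns an fd, or -1 with errno set. */
int open_core_like(const char *path)
{
    return open(path, O_CREAT | O_RDWR | O_NOFOLLOW | O_LARGEFILE, 0600);
}

/* Return 1 if the file is private (no group/other bits, i.e. 0600 or
 * tighter), 0 if other users have any access, -1 if it cannot be stat'ed.
 * lstat() is used so a symlink is judged on its own, not on its target. */
int core_file_is_private(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Exercise both helpers in a throwaway directory. Returns 1 if every
 * expectation held, 0 otherwise. */
int run_demo(void)
{
    char dir[] = "/tmp/coredemo-XXXXXX";      /* constructed scratch dir */
    if (mkdtemp(dir) == NULL)
        return 0;

    char core[PATH_MAX], link[PATH_MAX], target[PATH_MAX];
    snprintf(core, sizeof core, "%s/core.1234", dir);    /* constructed */
    snprintf(link, sizeof link, "%s/core.5678", dir);    /* constructed */
    snprintf(target, sizeof target, "%s/target", dir);   /* constructed */

    int ok = 1;

    /* 1. A freshly created core-style file must not be readable by others. */
    int fd = open_core_like(core);
    if (fd < 0)
        ok = 0;
    else
        close(fd);
    if (ok && core_file_is_private(core) != 1)
        ok = 0;

    /* 2. Loosening the mode is exactly what the checker should flag. */
    if (ok && (chmod(core, 0644) != 0 || core_file_is_private(core) != 0))
        ok = 0;

    /* 3. A symlink sitting at the core path must be refused (ELOOP), and
     *    its target must not be created as a side effect. */
    if (ok && symlink(target, link) != 0)
        ok = 0;
    if (ok) {
        errno = 0;
        int fd2 = open_core_like(link);
        if (fd2 >= 0) {
            close(fd2);
            ok = 0;
        } else if (errno != ELOOP) {
            ok = 0;
        }
        if (ok && access(target, F_OK) == 0)
            ok = 0;
    }

    unlink(link);
    unlink(core);
    unlink(target);
    rmdir(dir);
    return ok;
}

int main(void)
{
    int ok = run_demo();
    printf("core file handling %s\n", ok ? "OK" : "FAILED");
    return ok ? 0 : 1;
}
```

Pointing core_file_is_private() at the core files already present on a host (wherever kernel.core_pattern sends them) gives a quick audit of whether anything world-readable has been left behind by a different dumper or a later chmod.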