Subject: Re: coredump following symlinks
To: Manuel Bouyer <firstname.lastname@example.org>
From: Robert Elz <kre@munnari.OZ.AU>
Date: 08/28/1999 00:46:16
Date: Fri, 27 Aug 1999 16:23:33 +0200
From: Manuel Bouyer <email@example.com>
| I'm using tcsh :)
You have my sympathy...
| I strongly believe that avoiding this kind of attack is a good thing.
I agree. I was just hoping that adding a fix for this in the kernel
wouldn't be treated as an excuse to not fix whatever process it is
(find, fsck, whatever) which is dumping core in that case.
| You can get core dumps for other reasons than a buffer overlow
| on the stack.
Yes - sure. the point there was that if you can do a buffer overrun to
cause a core dump to kill a file, you can probably also do a buffer
overrun to kill the stack (or something else) to cause arbitrary code to
be executed. It's harder to get right, but it should be possible. Thus
it really is important to fix whatever prog is core dumping.