
...
The POSIX standard system calls for controlling resource limits, setrlimit() and ulimit(), can be used to disable the creation of core dumps. This prevents an attacker with the ability to halt the program from gaining access to sensitive data that may be contained in the dump.
...
To prevent the information from being written to a core dump, the size of core dumps that the program will generate should be set to 0. This can be accomplished by using setrlimit() or ulimit().
```c
#include <stdint.h>        /* SIZE_MAX */
#include <stdlib.h>        /* malloc(), free() */
#include <string.h>        /* strlen(), strcpy() */
#include <sys/resource.h>  /* setrlimit(), RLIMIT_CORE */
/* ... */
struct rlimit limit;
limit.rlim_cur = 0;
limit.rlim_max = 0;
/* setrlimit() returns 0 on success and -1 on error */
if (setrlimit(RLIMIT_CORE, &limit) != 0) {
  /* Handle Error */
}
/* ... */
char *secret;
size_t size = strlen(input);
if (size == SIZE_MAX) {
  /* Handle Error */
}
secret = malloc(size+1);
if (!secret) {
  /* Handle Error */
}
strcpy(secret, input);
/* Perform operations using secret... */
free(secret);
/* ... */
```
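The following example is added here and is not part of the original page. It goes one step beyond the snippet above: after setting the limit it reads it back with getrlimit() and checks that a forked child process inherits the zero limit. The function names are illustrative assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the soft and hard RLIMIT_CORE limits are both 0,
 * 0 if not, -1 if the limits cannot be read. */
int core_limit_is_zero(void) {
    struct rlimit cur;
    if (getrlimit(RLIMIT_CORE, &cur) != 0) {
        return -1;
    }
    return (cur.rlim_cur == 0 && cur.rlim_max == 0) ? 1 : 0;
}

/* Sets the core dump size limit to 0 and verifies the result.
 * Zeroing rlim_max too means an unprivileged process cannot raise
 * the limit again. Returns 0 on success, -1 on failure. */
int disable_core_dumps(void) {
    struct rlimit limit;
    limit.rlim_cur = 0;
    limit.rlim_max = 0;
    if (setrlimit(RLIMIT_CORE, &limit) != 0) {
        return -1; /* setrlimit() returns -1 on error */
    }
    return core_limit_is_zero() == 1 ? 0 : -1;
}

/* Forks a child and reports whether it sees the same zero limit.
 * Returns 1 if inherited, 0 if not, -1 if fork/wait fails. */
int child_inherits_zero_core_limit(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0) {
        return -1;
    }
    if (pid == 0) {
        _exit(core_limit_is_zero() == 1 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) {
        return -1;
    }
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void) {
    if (disable_core_dumps() != 0) return 1;
    return child_inherits_zero_core_limit() == 1 ? 0 : 1;
}
```

Call disable_core_dumps() before any sensitive data is read into memory, so that every later allocation and every child process is already covered by the limit.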
...