El sáb., 23 de jun. de 2018 10:58, Stephan Houben <stephan...@gmail.com> escribió:
> Would it not be much simpler and more secure to just disable core dumps? > > /etc/security/limits.conf on Linux. > > If the attacker can cause and read a core dump, the game seems over anyway > since sooner or later he will catch the core dump at a time the string was > not yet deleted. > Thing is that this could be leaked in other ways, not just on a core. Additiinally there is the case when you need a core to debug the issue, you could be sharing sensitive info without knowing it. Also is not always an option disabling core generation.
_______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/
