Bug ID: 5015982 *coreadm* should log core generation events by default

Bug ID	5015982
Synopsis	coreadm should log core generation events by default
State	3-Accepted (Yes, that is a problem)
Category:Subcategory	utility:kernel
Keywords	SOOTB \| gse-sec-team \| oss-request \| oss-sponsor \| sol-sec-guide
Sponsor	Casper Dik
Submitter
Responsible Engineer	Casper Dik
Reported Against	5.10
Duplicate Of
Introduced In
Commit to Fix
Fixed In
Release Fixed
Related Bugs
Submit Date	18-March-2004
Last Update Date	11-February-2009
Description	By default, the coreadm command is configured to not log core file generation events to SYSLOG. This RFE is to enable this functionality by default. The generation of core files should be infrequent in most of our customer's computing environments (development environments is the primary exception). Notifying an administrator of such an event can help bring potential problems to light. In addition, attempts to execute buffer overflows against code can cause the generation of core files. Currently, such events can go unnoticed, allowing an attacker to potentially access a system (or elevate his/her privileges) unnoticed. For this reason, such events should also be logged by default. For most customer systems, the logging of such events will serve as a heads-up allowing administrators to take a closer look at what is happening on their systems. This RFE is being submitted on behalf of the Solaris 10 Secure by Default team (sbd- xxxxx@xxxxx.com). xxxxx@xxxxx.com 2004-03-18
Work Around	N/A
Comments	N/A

OpenSolaris