Mac OS X,  Mac Security

Core Dumps in Mac OS X

Every now and then, OS X has to drop some kids off at the pool. Usually it’s some developer that didn’t build a sanity check for every-single-possible-flippin’-thing-you-might-think-to-do-to-his/her-poor-flippin’-app-OMGYFI! And then, suddenly, out of nowhere, you get crap all over the system. Actually, as expected, Apple’s dumps are pretty well sequestered in the /cores directory. Each core file has a number appended behind it. For example, core.9901. When applications crash, they can save a lot of information about the state when they crashed into these files. For example, I have seen  cached passwords in there…

To disable core dumps, add the following line to /etc/sysctl.conf:

kern.coredump=0

After a restart core dumps will be disabled. You can also set the coredump setting to 0 to disable it live, using the sysctl command, but it will revert back to 1 at the next reboot:

sudo sysctl -w kern.coredump=0

Existing core files are removed using the following command:

sudo rm -f /cores/*

As core files actually serve a purpose, if an application or the system needs some good troubleshooting-foo, re-enable:

sudo sysctl -w kern.coredump=1