Strange file in my cgi-bin

Posted on 2006-05-01
Last Modified: 2012-05-05
I have never seen this file in my cgi-bin directory before and since nobody is allowed access to this server, I can't help but wonder the worst.
Has anyone ever seen a file called 'edit.core' before? This file is 831488 bytes in size and appears to be either compiled code or something along those lines.

I don't know if it belongs to some other software I have installed on my server, but it's definitely nothing I directly recall having put there myself, yet its user:group is root:wheel.

Any ideas will be extremely appreciated.

Question by:adrian_brooks
    LVL 2

    Expert Comment

    I can't say I know much about this, but from what I recall, this should be OK. These files are needed for Linux management, and if anyone knows more, just tell the guy. I just wanted to calm down
    LVL 12

    Author Comment

    Thanks for the response, guruyaya.

    Well, I have FreeBSD, but it probably is Unix in general, perhaps. The only confusing part about this though is that I have two servers, both FreeBSD 5.4, both running Apache2.x, MySQL 4, but only one of them has this file in their cgi-bin directory. So, this is what raised my suspicions about it possibly being either a hack or something else to provide remote access to my server.
    LVL 10

    Accepted Solution

    It's a core dump file.

    Apparently a program crashed and wrote out its crash dump in the cgi-bin directory, so that was probably its working directory when the process was launched.
    In other words, chances are it was a failed test of some sort of CGI program.

    If you want to get more information about it, there are a couple of things that can help:
    --Checking the date and time might help you remember what you were working on.
    --Get some more information about it from the 'file' command:

        file edit.core

    That should tell you what executable created it.  If you still have that executable and are motivated to find out more, you can probably use gdb to trace what the fault was.
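An added example, not part of the original thread: a small triage script for the check described in the answer above. It reads the ELF header directly to confirm that every `*.core` file under a directory really is a core dump (`e_type` of `ET_CORE`, value 4) and lists numeric owner, size and date beside each verdict. The function names `classify_core` and `scan_cores` are hypothetical.

```shell
#!/bin/sh
# Added example: classify files named *.core by their ELF header instead of
# trusting the file name. Function names are hypothetical.

# classify_core FILE -> prints "elf-core", "elf-other" or "not-elf"
classify_core() {
    # First 18 bytes: e_ident[16] followed by the 2-byte e_type field.
    hdr=$(od -An -tx1 -N18 "$1" 2>/dev/null | tr -d ' \t\n')
    case "$hdr" in
        7f454c46*) ;;                          # "\x7fELF" magic present
        *) echo "not-elf"; return 0 ;;
    esac
    data=$(printf '%s' "$hdr" | cut -c11-12)   # e_ident[EI_DATA]: 01=LSB, 02=MSB
    etype=$(printf '%s' "$hdr" | cut -c33-36)  # e_type bytes as stored on disk
    case "$data:$etype" in
        01:0400|02:0004) echo "elf-core" ;;    # ET_CORE == 4 in either byte order
        *) echo "elf-other" ;;                 # ELF, but an executable/object/library
    esac
}

# scan_cores DIR -> one line per *.core file: verdict, TAB, `ls -ln` metadata
# (numeric uid/gid, size and modification time).
scan_cores() {
    find "$1" -type f -name '*.core' | while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify_core "$f")" "$(ls -ln "$f")"
    done
}

# Run as: sh scan_cores.sh /path/to/cgi-bin
if [ "$#" -gt 0 ]; then
    scan_cores "$1"
fi
```

A verdict other than `elf-core` on a file named `*.core` is the case that deserves a closer look. On FreeBSD the `kern.corefile` sysctl sets the core file name pattern, which lets you keep core dumps out of web-served directories such as cgi-bin.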
    LVL 12

    Author Comment

    Outstanding suggestion!

    I ran that file command and it came back with this:

    cgi-bin/edit.core: ELF 32-bit LSB core file Intel 80386, version 1 (FreeBSD), FreeBSD-style, from 'edit'

    Does that mean that I was using the edit command when this took place? I use that command for just about everything except when I need to use vi for chpass stuff.
    LVL 12

    Author Comment

    So, I should safely be able to delete this file then, correct?

    Thanks a million for that response, also. :)
    LVL 2

    Assisted Solution

    Yeah, .core files are usually written into the current directory when a program crashes.

    For example if you try to start apache and it segfaults, you'll end up with a file called httpd.core in your current directory. These files can be pretty big and can eat up a lot of space if you're not careful!

    Safe to delete. The memory dump is only written out to help you debug the error (if you feel that way inclined..).


    LVL 12

    Author Comment

    Thanks for your response also patspam.

    Although I have been running these servers for a few years now, it seems a never ending learning curve. Always something new coming up to twist your brain around for a bit.

    Well, since you completed the answer to my final secondary question, I'm going to split the points between you and sleep_furiously since his initial response pretty much was the needed answer to the brunt of my worries. But thank you very much for partaking in this solution though. :)

    Take care for now guys/gals.

