diff --git a/cli-main.c b/cli-main.c
index 3f767c916c0d60bd9144b2c3f4f483d26e831012..68cf0230f9f832ceddf79542a10d856558edc1d0 100644
--- a/cli-main.c
+++ b/cli-main.c
@@ -47,6 +47,8 @@ int main(int argc, char ** argv) {
 	_dropbear_exit = cli_dropbear_exit;
 	_dropbear_log = cli_dropbear_log;
 
+	disallow_core();
+
 	cli_getopts(argc, argv);
 
 	TRACE(("user='%s' host='%s' port='%s'", cli_opts.username,
diff --git a/dbutil.c b/dbutil.c
index f06b8bfacf9961a20d0691e41cec247140a620f3..4559ba9902e6377fb8dd0b231cdb451de431f70b 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -693,3 +693,9 @@ void setnonblocking(int fd) {
 	}
 	TRACE(("leave setnonblocking"))
 }
+
+void disallow_core() {
+	struct rlimit lim;
+	lim.rlim_cur = lim.rlim_max = 0;
+	setrlimit(RLIMIT_CORE, &lim);
+}
diff --git a/dbutil.h b/dbutil.h
index d74e17e260512252237bc1551f482cd44a59df2a..856978d3da31df4765ee8978381cb6369f2f62d7 100644
--- a/dbutil.h
+++ b/dbutil.h
@@ -63,6 +63,7 @@ void * m_realloc(void* ptr, size_t size);
 void __m_free(void* ptr);
 void m_burn(void* data, unsigned int len);
 void setnonblocking(int fd);
+void disallow_core();
 
 /* Used to force mp_ints to be initialised */
 #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
diff --git a/includes.h b/includes.h
index 1fcf6342197603b2942e7e0e6d75c22c79c55f19..017de66bea41c0d5e38253946785e2b583218992 100644
--- a/includes.h
+++ b/includes.h
@@ -38,6 +38,7 @@
 #include <sys/time.h>
 #include <sys/un.h>
 #include <sys/wait.h>
+#include <sys/resource.h>
 
 #include <stdio.h>
 #include <errno.h>
diff --git a/packet.c b/packet.c
index b2c61747dc7d248346f667876fa4f84df463da7a..9e7c67a8406e6250baa8f5be98df72877e5c1088 100644
--- a/packet.c
+++ b/packet.c
@@ -446,10 +446,6 @@ void encrypt_packet() {
 	}
 
 	/* finished with payload */
-	buf_burn(ses.writepayload); /* XXX This is probably a good idea, and isn't
-								   _that_ likely to hurt performance too badly.
-								   Buffers can have cleartext passwords etc, or
-								   other sensitive data */
 	buf_setpos(ses.writepayload, 0);
 	buf_setlen(ses.writepayload, 0);
 
diff --git a/process-packet.c b/process-packet.c
index 07fc13010c9464db48b332b3b4c259d0a98659fc..ba39d9f7252db5c45aa53cc4bc6b65fc86ead371 100644
--- a/process-packet.c
+++ b/process-packet.c
@@ -119,7 +119,6 @@ void process_packet() {
 	recv_unimplemented();
 
 out:
-	buf_burn(ses.payload); /* Clear the memory to avoid swapping it out */
 	buf_free(ses.payload);
 	ses.payload = NULL;
 
diff --git a/svr-main.c b/svr-main.c
index e228acf8186cf4c780e4e105397474c8858d5321..ddf5445765aeb25ad263873e3b1aa46c91d38a5f 100644
--- a/svr-main.c
+++ b/svr-main.c
@@ -52,6 +52,8 @@ int main(int argc, char ** argv)
 	_dropbear_exit = svr_dropbear_exit;
 	_dropbear_log = svr_dropbear_log;
 
+	disallow_core();
+
 	/* get commandline options */
 	svr_getopts(argc, argv);