"ps -e" without procfs(5)

Robert N. M. Watson rwatson at freebsd.org
Sun Dec 4 15:57:10 UTC 2011


On 4 Dec 2011, at 14:31, Jilles Tjoelker wrote:

> On Sat, Oct 29, 2011 at 01:32:39PM +0300, Mikolaj Golub wrote:
>> [KERN_PROC_AUXV requires just p_cansee()]
> 
> If we are ever going to do ASLR, the AUXV information tells an attacker
> where the stack, executable and RTLD are located, which defeats much of
> the point of randomizing the addresses in the first place.
> 
> Given that the AUXV information seems to be used by debuggers only
> anyway, I think it would be good to move it to p_candebug() now.
> 
> The full virtual memory maps (KERN_PROC_VMMAP, procstat -v) are already
> under p_candebug().


Agreed. In general, my view is that p_cansee() should be used for very few of our process inspection APIs. I like your example of ASLR especially, as it illustrates how debugging information can aid even local attacks (i.e., user vs. setuid binary).

Robert
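
The point Jilles makes above, as an added example that is not part of the thread and not FreeBSD's own code: the auxiliary vector carries AT_PHDR and AT_ENTRY (executable) and AT_BASE (the run-time linker), so any caller who can read the vector of another process, on FreeBSD via the kern.proc.auxv.<pid> sysctl, learns the randomized load addresses and ASLR buys nothing against that caller. The code below parses such a blob and recovers those addresses. It assumes 64-bit little-endian entries of 16 bytes (type word, value word), which is how both Elf64_Auxinfo on FreeBSD and Elf64_auxv_t on Linux are laid out; the a_type constants are defined locally so the file builds without <sys/elf.h>, and the sample vector is constructed, not captured from a real process.

```c
/* Added example (not from the thread or FreeBSD sources): parse an ELF64
 * auxiliary vector blob, such as the one kern.proc.auxv.<pid> returns on
 * FreeBSD or /proc/<pid>/auxv on Linux, and pull out the entries that pin
 * down where the executable and the run-time linker were loaded. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard a_type values shared by FreeBSD and Linux, defined locally so the
 * example builds without <sys/elf.h> or <elf.h>. */
#define AUX_AT_NULL  0
#define AUX_AT_PHENT 4
#define AUX_AT_PHDR  3
#define AUX_AT_BASE  7
#define AUX_AT_ENTRY 9

/* One 64-bit auxv entry: both Elf64_auxv_t (Linux) and Elf64_Auxinfo
 * (FreeBSD) occupy 16 bytes, type word first, value word second.
 * Assumption: little-endian target. */
#define AUX_ENTRY_SIZE 16

struct auxv_leak {
    uint64_t phdr;   /* AT_PHDR: program headers of the executable   */
    uint64_t entry;  /* AT_ENTRY: executable's entry point           */
    uint64_t base;   /* AT_BASE: load address of the run-time linker */
    int have_phdr, have_entry, have_base;
};

static uint64_t read_le64(const unsigned char *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Walk the blob until AT_NULL or the end of the buffer. Returns the number of
 * interesting entries found; a truncated blob is not an error, it simply
 * yields fewer entries, and anything after AT_NULL is ignored. */
int auxv_extract_leak(const unsigned char *blob, size_t len, struct auxv_leak *out)
{
    int found = 0;
    memset(out, 0, sizeof *out);
    for (size_t off = 0; off + AUX_ENTRY_SIZE <= len; off += AUX_ENTRY_SIZE) {
        uint64_t type = read_le64(blob + off);
        uint64_t val  = read_le64(blob + off + 8);
        if (type == AUX_AT_NULL)
            break;
        switch (type) {
        case AUX_AT_PHDR:  out->phdr = val;  out->have_phdr = 1;  found++; break;
        case AUX_AT_ENTRY: out->entry = val; out->have_entry = 1; found++; break;
        case AUX_AT_BASE:  out->base = val;  out->have_base = 1;  found++; break;
        default: break;
        }
    }
    return found;
}

/* For a position-independent executable the load base is AT_PHDR minus
 * e_phoff from the ELF header; with the usual layout the program headers
 * directly follow the 64-byte ELF header, so e_phoff is 0x40. */
uint64_t auxv_image_base(uint64_t phdr, uint64_t e_phoff)
{
    return phdr - e_phoff;
}

static void put_entry(unsigned char *p, uint64_t type, uint64_t val)
{
    for (int i = 0; i < 8; i++) {
        p[i]     = (unsigned char)(type >> (8 * i));
        p[8 + i] = (unsigned char)(val  >> (8 * i));
    }
}

/* Constructed sample vector (not captured from a real process): the
 * addresses are made up to resemble a randomized PIE and rtld mapping.
 * The entry after AT_NULL is there to check that the parser stops. */
size_t build_sample_auxv(unsigned char *buf, size_t cap)
{
    if (cap < 6 * AUX_ENTRY_SIZE)
        return 0;
    put_entry(buf + 0 * AUX_ENTRY_SIZE, AUX_AT_PHDR,  0x000000010e3a0040ULL);
    put_entry(buf + 1 * AUX_ENTRY_SIZE, AUX_AT_PHENT, 56);
    put_entry(buf + 2 * AUX_ENTRY_SIZE, AUX_AT_ENTRY, 0x000000010e3a1230ULL);
    put_entry(buf + 3 * AUX_ENTRY_SIZE, AUX_AT_BASE,  0x00000008003f8000ULL);
    put_entry(buf + 4 * AUX_ENTRY_SIZE, AUX_AT_NULL,  0);
    put_entry(buf + 5 * AUX_ENTRY_SIZE, AUX_AT_ENTRY, 0xdeadbeefULL);
    return 6 * AUX_ENTRY_SIZE;
}

int main(void)
{
    unsigned char buf[6 * AUX_ENTRY_SIZE];
    size_t n = build_sample_auxv(buf, sizeof buf);
    struct auxv_leak leak;
    int found = auxv_extract_leak(buf, n, &leak);
    printf("found %d address-bearing entries\n", found);
    if (leak.have_phdr)
        printf("executable base 0x%llx (from AT_PHDR)\n",
               (unsigned long long)auxv_image_base(leak.phdr, 0x40));
    if (leak.have_base)
        printf("rtld base       0x%llx (from AT_BASE)\n",
               (unsigned long long)leak.base);
    return 0;
}
```

To run it against a live FreeBSD process you would replace build_sample_auxv with the result of sysctl(CTL_KERN, KERN_PROC, KERN_PROC_AUXV, pid); whether that call succeeds for a process you do not own is exactly the p_cansee() versus p_candebug() question raised in the thread.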

