"ps -e" without procfs(5)
Mikolaj Golub
trociny at freebsd.org
Sun Dec 4 17:55:33 UTC 2011
On Sun, 4 Dec 2011 15:57:06 +0000 Robert N. M. Watson wrote:
RNMW> On 4 Dec 2011, at 14:31, Jilles Tjoelker wrote:
>> On Sat, Oct 29, 2011 at 01:32:39PM +0300, Mikolaj Golub wrote:
>>> [KERN_PROC_AUXV requires just p_cansee()]
>>
>> If we are ever going to do ASLR, the AUXV information tells an attacker
>> where the stack, executable and RTLD are located, which defeats much of
>> the point of randomizing the addresses in the first place.
>>
>> Given that the AUXV information seems to be used by debuggers only
>> anyway, I think it would be good to move it to p_candebug() now.
>>
>> The full virtual memory maps (KERN_PROC_VMMAP, procstat -v) are already
>> under p_candebug().
RNMW> Agreed. In general, my view is that p_cansee() should be used for very
RNMW> few of our process inspection APIs. I like your example of ASLR
RNMW> especially, as it illustrates how debugging information can aid even
RNMW> local attacks (i.e., user vs. setuid binary).
Thanks! I will change it to p_candebug().
--
Mikolaj Golub
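To make concrete what the thread is protecting, here is an added example (not part of the original message or of the FreeBSD source) that walks an auxv array in the two-word-per-entry ELF layout that kern.proc.auxv returns and picks out the entries disclosing the randomized layout: AT_BASE (RTLD), AT_ENTRY (executable) and AT_PHDR (program headers). The sample vector and its addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ELF auxv tags (same values in FreeBSD <sys/elf_common.h> and Linux <elf.h>). */
#define AT_NULL   0
#define AT_PHDR   3   /* program headers: locates the executable image   */
#define AT_PAGESZ 6   /* page size: harmless                              */
#define AT_BASE   7   /* load address of the runtime linker (RTLD)        */
#define AT_ENTRY  9   /* entry point of the executable                    */

struct auxv_layout { uint64_t phdr, base, entry; };

/* Walk an auxv array laid out as consecutive (a_type, a_val) 64-bit word
 * pairs, the shape kern.proc.auxv returns for a 64-bit process. Stops at
 * AT_NULL or at the end of the buffer, whichever comes first. Returns how
 * many layout-revealing entries were present (0..3) and fills *out. */
int auxv_layout_leaks(const uint64_t *auxv, size_t nwords, struct auxv_layout *out)
{
    int found = 0;
    out->phdr = out->base = out->entry = 0;
    for (size_t i = 0; i + 1 < nwords; i += 2) {
        uint64_t type = auxv[i], val = auxv[i + 1];
        if (type == AT_NULL)
            break;
        switch (type) {
        case AT_PHDR:  out->phdr  = val; found++; break;
        case AT_BASE:  out->base  = val; found++; break;
        case AT_ENTRY: out->entry = val; found++; break;
        default: break;               /* AT_PAGESZ and friends: no layout info */
        }
    }
    return found;
}

int main(void)
{
    /* Constructed sample vector; the addresses are illustrative only. */
    const uint64_t sample[] = { AT_PHDR, 0x400040, AT_PAGESZ, 4096,
                                AT_BASE, 0x800600000ULL, AT_ENTRY, 0x4005a0,
                                AT_NULL, 0 };
    struct auxv_layout l;
    int n = auxv_layout_leaks(sample, sizeof sample / sizeof sample[0], &l);
    printf("%d layout-revealing entries: phdr=%#llx base=%#llx entry=%#llx\n", n,
           (unsigned long long)l.phdr, (unsigned long long)l.base,
           (unsigned long long)l.entry);
    return 0;
}
```

Every one of the three values a p_cansee()-only caller could read here is exactly what ASLR randomizes, which is why the thread moves the sysctl behind p_candebug().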