"ps -e" without procfs(5)
jilles at stack.nl
Sun Dec 4 21:19:18 UTC 2011
On Sun, Dec 04, 2011 at 10:58:10PM +0200, Mikolaj Golub wrote:
> RNMW> Agreed. In general, my view is that p_cansee() should be used for very
> RNMW> few of our process inspection APIs. I like your example of ASLR
> RNMW> especially, as it illustrates how debugging information can aid even
> RNMW> local attacks (i.e., user vs. setuid binary).
> What do you think about the recently added kern.proc.ps_strings, which
> returns the location of the ps_strings structure? It uses p_cansee() too. The
> location is the same for all processes of the same ABI, so this does
> not look like sensitive information, on the other hand it also seems
> to be used by debuggers only.
With stack ASLR, the address will not be the same for every process of
the same ABI and will be sensitive information. Therefore I think this
should be locked down too.