reading process memory
Tofik Suleymanov
tofik at oxygen.az
Wed Jun 7 17:47:58 UTC 2006
James Riendeau wrote:
> How are you defining "assuming right privileges"?
assuming uid 0
> The only way you're going to be able to read another processes
> address space is in the kernel.Even a process running as root is not
> able to read another process's data.
how does gdb then reads for example different variables of running
program ?
> One of the principle responsibilities of the OS is to manage the
> private memory space of each process, and I emphasize private. The
> last thing you would want on a secure system is the ability of other
> processes to read or write to another process's address space.Even a
> parent process should not be able to read a child's address space, as
> the fork logically duplicates their address space and they go their
> separate ways. An attempt to read another processes address space
> should trap to the kernel and the kernel should kill the process
> immediately. There is one exception to this: you can setup a pipe or
> memory share between two processes, however, both processes have to
> agree to share some memory or connect via a pipe. I'm not going to
> give you a howto via email as the subject usually fills a solid
> chapter in most OS books.
Thank you for brief and altogether extensive explanation of the case.The
thing i wanted to do is to read let's say portions of memory where .bss
and .data block of a running program reside.
is that possible ?
Sincerely,
Tofik Suleymanov
More information about the freebsd-stable
mailing list