reading process memory
jtriende at wisc.edu
Wed Jun 7 17:04:50 UTC 2006
How are you defining "assuming right privileges"? The only way
you're going to be able to read another processes address space is in
the kernel. Even a process running as root is not able to read
another process's data. One of the principle responsibilities of the
OS is to manage the private memory space of each process, and I
emphasize private. The last thing you would want on a secure system
is the ability of other processes to read or write to another
process's address space. Even a parent process should not be able to
read a child's address space, as the fork logically duplicates their
address space and they go their separate ways. An attempt to read
another processes address space should trap to the kernel and the
kernel should kill the process immediately. There is one exception
to this: you can setup a pipe or memory share between two processes,
however, both processes have to agree to share some memory or connect
via a pipe. I'm not going to give you a howto via email as the
subject usually fills a solid chapter in most OS books.
MMI Computer Support Technician
1300 University Ave
Rm. 436, Dept. of MedMicro
Madison, WI 53706
Phone: (608) 262-3351
After-hours Phone: (608) 260-2696
Fax: (608) 262-8418
Email: jtriende at wisc.edu
On Jun 7, 2006, at 4:49 AM, Tofik Suleymanov wrote:
> Hello, folks
> I believe that it is possible to read contents of the memory used/
> utilized by a process (assuming right privileges).
> First i've tried to do this through procfs by reading 'mem'
> property of the given process, but no success.
> Maybe there is another way of doing such things ?
> Any clue would be appreciated.
> Tofik Suleymanov
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-
> unsubscribe at freebsd.org"
More information about the freebsd-questions