From owner-freebsd-hackers  Wed Jul 15 16:06:43 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA01903
          for freebsd-hackers-outgoing; Wed, 15 Jul 1998 16:06:43 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from mail.camalott.com (root@mail.camalott.com [208.203.140.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA01898
          for <hackers@FreeBSD.ORG>; Wed, 15 Jul 1998 16:06:41 -0700 (PDT)
          (envelope-from joelh@gnu.org)
Received: from detlev.UUCP (tex-112.camalott.com [208.229.74.112])
	by mail.camalott.com (8.8.7/8.8.5) with ESMTP id SAA05444;
	Wed, 15 Jul 1998 18:06:49 -0500
Received: (from joelh@localhost)
	by detlev.UUCP (8.8.8/8.8.8) id SAA15377;
	Wed, 15 Jul 1998 18:05:58 -0500 (CDT)
	(envelope-from joelh)
Date: Wed, 15 Jul 1998 18:05:58 -0500 (CDT)
Message-Id: <199807152305.SAA15377@detlev.UUCP>
To: robert+freebsd@cyrus.watson.org
CC: matthew@wolfepub.com, hackers@FreeBSD.ORG
In-reply-to: <Pine.BSF.3.96.980715171019.14094G-100000@fledge.watson.org>
	(message from Robert Watson on Wed, 15 Jul 1998 17:12:15 -0400 (EDT))
Subject: Re: Protecting data in memory
From: Joel Ray Holveck <joelh@gnu.org>
Reply-to: joelh@gnu.org
References:  <Pine.BSF.3.96.980715171019.14094G-100000@fledge.watson.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>>> Is there any way to protect a programs memory space from all users, even
>>> root?
>> No.  root always has access to all memory space.  Consider: If it were
>> otherwise, root could just patch the kernel and gain whatever access
>> was needed.
> On the contrary.  This is the purpose of securelevels and read-only
> files/file-systems.

I realize this.  I was actually giving a simplistic example.  Yes, you
can prevent the kernel from being patched.  You would also have to
prevent trojan horse attacks elsewhere (ie, r/o /usr and /), not to
mention avoid root managing to patch the in-core kernel, etc, etc.

Best,
joelh

-- 
Joel Ray Holveck - joelh@gnu.org - http://www.wp.com/piquan
   Fourth law of programming:
   Anything that can go wrong wi
sendmail: segmentation violation - core dumped

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message