From owner-freebsd-bugs Mon Jul 26 1:30:29 1999 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 2BBB0152D9 for ; Mon, 26 Jul 1999 01:30:26 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id BAA26504; Mon, 26 Jul 1999 01:30:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Date: Mon, 26 Jul 1999 01:30:02 -0700 (PDT) Message-Id: <199907260830.BAA26504@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Subject: Re: kern/3546: ktrace works even if no read permission Reply-To: Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR kern/3546; it has been noted by GNATS. From: To: freebsd-gnats-submit@freebsd.org Cc: Subject: Re: kern/3546: ktrace works even if no read permission Date: Mon, 26 Jul 1999 01:23:51 -0700 (PDT) Post discussion on -hackers, there is enough evidence to argue that the change does not do add significant security: Summary of arguments against the change: * [imp@freebsd.org] A libc wrapper which logs syscall entry points (userland tracing) can bypass the check. * [sef@freebsd.org] A core dump can still expose the program text. `procfs' and `ptrace' can be used to examine the process contents. Making security conscious programs setuid in the presence of KTRACE is a better approach. I will close the PR shortly. Koshy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message