Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 7 Jun 2006 14:33:51 -0500
From:      James Riendeau <jtriende@wisc.edu>
To:        Tofik Suleymanov <tofik@oxygen.az>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: reading process memory
Message-ID:  <4549C3E0-B98D-4648-9C7E-C3E8823D8B94@wisc.edu>
In-Reply-To: <4486EFC8.6080601@oxygen.az>
References:  <4486A111.6020300@oxygen.az> <ED5EC8BD-0A92-4D73-BC01-48FD930311FF@wisc.edu> <4486EFC8.6080601@oxygen.az>
next in thread | previous in thread | raw e-mail | index | archive | help 
Ahh.  I think I goofed slightly.  I think your application has to be  
the parent of the running process to get at that property.  See:

http://www.informit.com/articles/article.asp?p=366888&seqNum=10

James Riendeau
MMI Computer Support Technician
1300 University Ave
Rm. 436, Dept. of MedMicro
Madison, WI  53706

Phone: (608) 262-3351
After-hours Phone: (608) 260-2696
Fax: (608) 262-8418
Email: jtriende@wisc.edu



On Jun 7, 2006, at 10:24 AM, Tofik Suleymanov wrote:

> James Riendeau wrote:
>> How are you defining "assuming right privileges"?
> assuming uid 0
>
>>   The only way you're going to be able to read another processes  
>> address space is in the kernel.Even a process running as root is  
>> not able to read another process's data.
> how does gdb then reads for example different variables of running  
> program ?
>>   One of the principle responsibilities of the OS is to manage the  
>> private memory space of each process, and I emphasize private.   
>> The last thing you would want on a secure system is the ability of  
>> other processes to read or write to another process's address  
>> space.Even a parent process should not be able to read a child's  
>> address space, as the fork logically duplicates their address  
>> space and they go their separate ways.  An attempt to read another  
>> processes address space should trap to the kernel and the kernel  
>> should kill the process immediately.  There is one exception to  
>> this:  you can setup a pipe or memory share between two processes,  
>> however, both processes have to agree to share some memory or  
>> connect via a pipe.  I'm not going to give you a howto via email  
>> as the subject usually fills a solid chapter in most OS books.
> Thank you for brief and altogether extensive explanation of the  
> case.The thing i wanted to do is to read let's say portions of  
> memory where .bss and .data block of a running program reside.
>
> is that possible ?
>
> Sincerely,
> Tofik Suleymanov
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4549C3E0-B98D-4648-9C7E-C3E8823D8B94>