From: Mikolaj Golub
To: "Robert N. M. Watson"
Cc: Kostik Belousov, freebsd-hackers@freebsd.org, Jilles Tjoelker
Subject: Re: "ps -e" without procfs(5)
Date: Sun, 04 Dec 2011 19:55:27 +0200
Message-ID: <86r50kdxww.fsf@kopusha.home.net>
In-Reply-To: <1E0AAB37-952A-49B4-94AF-B67B84E6957B@freebsd.org> (Robert N. M. Watson's message of "Sun, 4 Dec 2011 15:57:06 +0000")
References: <86y5wkeuw9.fsf@kopusha.home.net> <20111016171005.GB50300@deviant.kiev.zoral.com.ua> <86aa8qozyx.fsf@kopusha.home.net> <20111025082451.GO50300@deviant.kiev.zoral.com.ua> <86aa8k2im0.fsf@kopusha.home.net> <20111204143145.GA44832@stack.nl> <1E0AAB37-952A-49B4-94AF-B67B84E6957B@freebsd.org>
List-Id: Technical Discussions relating to FreeBSD <freebsd-hackers@freebsd.org>

On Sun, 4 Dec 2011 15:57:06 +0000 Robert N. M. Watson wrote:

RNMW> On 4 Dec 2011, at 14:31, Jilles Tjoelker wrote:

>> On Sat, Oct 29, 2011 at 01:32:39PM +0300, Mikolaj Golub wrote:
>>> [KERN_PROC_AUXV requires just p_cansee()]
>>
>> If we are ever going to do ASLR, the AUXV information tells an attacker
>> where the stack, executable and RTLD are located, which defeats much of
>> the point of randomizing the addresses in the first place.
>>
>> Given that the AUXV information seems to be used by debuggers only
>> anyway, I think it would be good to move it to p_candebug() now.
>>
>> The full virtual memory maps (KERN_PROC_VMMAP, procstat -v) are already
>> under p_candebug().

RNMW> Agreed. In general, my view is that p_cansee() should be used for very
RNMW> few of our process inspection APIs. I like your example of ASLR
RNMW> especially, as it illustrates how debugging information can aid even
RNMW> local attacks (i.e., user vs. setuid binary).

Thanks! I will change it to p_candebug().

-- 
Mikolaj Golub
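The thread's concern is that the auxiliary vector alone locates a process's executable and runtime linker, so handing it to anyone who passes p_cansee() gives away the addresses ASLR would randomize. The program below is an added example, not code from the thread, from the patch under discussion or from FreeBSD: it parses an auxv in the layout KERN_PROC_AUXV (procstat -x) copies out and extracts the layout-revealing entries. The sample vector and its addresses are constructed; the struct is assumed to match Elf64_Auxinfo's two-word layout; the executable base is derived on the common-case assumption that the program header table directly follows the 64-byte ELF header; and the FreeBSD branch assumes a release (10 or later) in which KERN_PROC_AUXV exists. The live read uses the caller's own pid, so it says nothing about the access-control question itself; it only shows what the vector contains.

```c
/*
 * Added example, not from the thread or from FreeBSD: parse an ELF auxiliary
 * vector as KERN_PROC_AUXV / procstat -x would return it and pull out the
 * entries that pin down a process's memory layout. AT_PHDR and AT_ENTRY
 * locate the executable, AT_BASE locates the runtime linker.
 */
#include <stdio.h>
#include <string.h>

#if defined(__FreeBSD__)
#include <sys/types.h>
#include <sys/sysctl.h>
#include <unistd.h>
#endif

/* Standard ELF auxv tags; the numeric values are the same on FreeBSD and Linux. */
#define AT_NULL   0
#define AT_PHDR   3
#define AT_PAGESZ 6
#define AT_BASE   7
#define AT_ENTRY  9

/* Assumption: same in-memory layout as Elf_Auxinfo (a type word then a value word). */
struct auxv_entry {
    long a_type;
    unsigned long a_val;
};

#define LEAK_PHDR  1
#define LEAK_ENTRY 2
#define LEAK_RTLD  4

struct layout_leak {
    unsigned long phdr;      /* AT_PHDR: program headers of the executable */
    unsigned long entry;     /* AT_ENTRY: entry point of the executable */
    unsigned long rtld_base; /* AT_BASE: load address of the interpreter (rtld) */
    int found;               /* LEAK_* bits for the entries that were present */
    size_t entries;          /* entries consumed before AT_NULL */
};

/* Walk at most n entries, stopping at AT_NULL; returns entries consumed
 * (the terminator is not counted). */
size_t parse_auxv(const struct auxv_entry *v, size_t n, struct layout_leak *out)
{
    size_t i;

    memset(out, 0, sizeof(*out));
    for (i = 0; i < n && v[i].a_type != AT_NULL; i++) {
        switch (v[i].a_type) {
        case AT_PHDR:  out->phdr = v[i].a_val;      out->found |= LEAK_PHDR;  break;
        case AT_ENTRY: out->entry = v[i].a_val;     out->found |= LEAK_ENTRY; break;
        case AT_BASE:  out->rtld_base = v[i].a_val; out->found |= LEAK_RTLD;  break;
        default: break; /* AT_PAGESZ and the rest reveal nothing about placement */
        }
    }
    out->entries = i;
    return i;
}

struct layout_leak analyze(const struct auxv_entry *v, size_t n)
{
    struct layout_leak l;

    parse_auxv(v, n, &l);
    return l;
}

/* Load base of the executable. Assumption (usual linker output, not
 * guaranteed by the ELF spec): the program header table directly follows
 * the 64-byte ELF64 file header, so base = AT_PHDR - 64. 0 if AT_PHDR absent. */
unsigned long exec_base(struct layout_leak l)
{
    return (l.found & LEAK_PHDR) ? l.phdr - 64 : 0;
}

/* Whoever can read this vector learns where both the executable and rtld
 * were placed, i.e. exactly the offsets ASLR would have chosen for them. */
int aslr_defeated(struct layout_leak l)
{
    return (l.found & (LEAK_PHDR | LEAK_RTLD)) == (LEAK_PHDR | LEAK_RTLD);
}

/* Constructed sample vector (addresses invented), as for a PIE process. */
static const struct auxv_entry sample_auxv[] = {
    { AT_PHDR,   0x00005af3c4e00040UL },
    { AT_PAGESZ, 4096 },
    { AT_BASE,   0x00007f2a3b9c0000UL },
    { AT_ENTRY,  0x00005af3c4e01234UL },
    { AT_NULL,   0 },
};
#define SAMPLE_N (sizeof(sample_auxv) / sizeof(sample_auxv[0]))

/* Live read of the caller's own vector: on FreeBSD 10+ the KERN_PROC_AUXV
 * sysctl under discussion, on Linux /proc/self/auxv. Returns entries parsed,
 * or -1 if the platform offers neither or the read fails. */
long read_own_auxv(struct layout_leak *out)
{
    struct auxv_entry buf[64];
#if defined(__FreeBSD__)
    int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_AUXV, (int)getpid() };
    size_t len = sizeof(buf);

    if (sysctl(mib, 4, buf, &len, NULL, 0) != 0)
        return -1;
    return (long)parse_auxv(buf, len / sizeof(buf[0]), out);
#elif defined(__linux__)
    FILE *f = fopen("/proc/self/auxv", "rb");
    size_t n;

    if (f == NULL)
        return -1;
    n = fread(buf, sizeof(buf[0]), sizeof(buf) / sizeof(buf[0]), f);
    fclose(f);
    return (long)parse_auxv(buf, n, out);
#else
    (void)buf; (void)out;
    return -1;
#endif
}

int main(void)
{
    struct layout_leak l = analyze(sample_auxv, SAMPLE_N);

    printf("sample: rtld %#lx, exec base %#lx, entry %#lx, ASLR defeated: %d\n",
           l.rtld_base, exec_base(l), l.entry, aslr_defeated(l));
    if (read_own_auxv(&l) > 0)
        printf("self:   rtld %#lx, exec base %#lx, entry %#lx\n",
               l.rtld_base, exec_base(l), l.entry);
    return 0;
}
```

With the sample vector the executable base and the rtld base both fall out of three entries, which is the point Jilles makes: a caller who only needs to see that a process exists (p_cansee) should not get this, while a debugger that may attach to it (p_candebug) already has far more.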