Date: Sun, 04 Dec 2011 22:58:10 +0200
From: Mikolaj Golub <trociny@freebsd.org>
To: "Robert N. M. Watson" <rwatson@freebsd.org>
Cc: Kostik Belousov <kostikbel@gmail.com>, freebsd-hackers@freebsd.org, Jilles Tjoelker <jilles@stack.nl>
Subject: Re: "ps -e" without procfs(5)
Message-ID: <86liqsawbh.fsf@kopusha.home.net>
References: <86y5wkeuw9.fsf@kopusha.home.net> <20111016171005.GB50300@deviant.kiev.zoral.com.ua> <86aa8qozyx.fsf@kopusha.home.net> <20111025082451.GO50300@deviant.kiev.zoral.com.ua> <86aa8k2im0.fsf@kopusha.home.net> <20111204143145.GA44832@stack.nl> <1E0AAB37-952A-49B4-94AF-B67B84E6957B@freebsd.org>
On Sun, 4 Dec 2011 15:57:06 +0000 Robert N. M. Watson wrote:

 RNMW> On 4 Dec 2011, at 14:31, Jilles Tjoelker wrote:
 >> On Sat, Oct 29, 2011 at 01:32:39PM +0300, Mikolaj Golub wrote:
 >>> [KERN_PROC_AUXV requires just p_cansee()]
 >>
 >> If we are ever going to do ASLR, the AUXV information tells an attacker
 >> where the stack, executable and RTLD are located, which defeats much of
 >> the point of randomizing the addresses in the first place.
 >>
 >> Given that the AUXV information seems to be used by debuggers only
 >> anyway, I think it would be good to move it to p_candebug() now.
 >>
 >> The full virtual memory maps (KERN_PROC_VMMAP, procstat -v) are already
 >> under p_candebug().

 RNMW> Agreed. In general, my view is that p_cansee() should be used for very
 RNMW> few of our process inspection APIs. I like your example of ASLR
 RNMW> especially, as it illustrates how debugging information can aid even
 RNMW> local attacks (i.e., user vs. setuid binary).

What do you think about the recently added kern.proc.ps_strings, which returns the location of the ps_strings structure? It uses p_cansee() too. The location is the same for all processes of the same ABI, so this does not look like sensitive information; on the other hand, it also seems to be used by debuggers only.

-- 
Mikolaj Golub
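As an added illustration of the point Jilles makes (this is example code, not from the thread or from FreeBSD's sources): a small C routine that walks an ELF auxiliary vector and picks out the entries whose values are mapped addresses, which is exactly the information a debugger needs and an ASLR-defeating local attacker would want, hence the argument for gating KERN_PROC_AUXV on p_candebug(). The AT_* numbers are the standard ELF ones; the sample vector and its addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Standard ELF auxiliary-vector entry types (same values on FreeBSD and Linux). */
#define AT_NULL   0
#define AT_PHDR   3   /* address of the executable's program headers            */
#define AT_PHENT  4
#define AT_PHNUM  5
#define AT_PAGESZ 6
#define AT_BASE   7   /* load address of the run-time linker (RTLD)             */
#define AT_FLAGS  8
#define AT_ENTRY  9   /* entry point of the executable                          */

struct auxv_entry { uint64_t type, val; };

/* Entries whose value is an address that ASLR would randomize: disclosing them
 * to a caller who may only p_cansee() the target gives away the layout. */
static int auxv_reveals_layout(uint64_t type) {
    return type == AT_PHDR || type == AT_BASE || type == AT_ENTRY;
}

/* Return the value of the first entry of the given type, or 0 if absent. */
static uint64_t auxv_get(const struct auxv_entry *v, uint64_t type) {
    for (; v->type != AT_NULL; v++)
        if (v->type == type)
            return v->val;
    return 0;
}

/* Count the layout-revealing entries in an AT_NULL-terminated vector. */
static size_t auxv_count_layout_leaks(const struct auxv_entry *v) {
    size_t n = 0;
    for (; v->type != AT_NULL; v++)
        n += auxv_reveals_layout(v->type) ? 1 : 0;
    return n;
}

/* Constructed sample: what a process's auxv might look like (invented addresses). */
static const struct auxv_entry SAMPLE_AUXV[] = {
    { AT_PHDR, 0x200040 }, { AT_PHENT, 56 },   { AT_PHNUM, 7 },
    { AT_PAGESZ, 4096 },   { AT_BASE, 0x800200000ULL }, { AT_FLAGS, 0 },
    { AT_ENTRY, 0x2012f0 }, { AT_NULL, 0 },
};

int main(void) {
    printf("layout-revealing entries: %zu\n", auxv_count_layout_leaks(SAMPLE_AUXV));
    printf("RTLD base (AT_BASE): 0x%llx\n",
           (unsigned long long)auxv_get(SAMPLE_AUXV, AT_BASE));
    return 0;
}
```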