Date: Sun, 4 Dec 2011 22:19:15 +0100
From: Jilles Tjoelker <jilles@stack.nl>
To: Mikolaj Golub <trociny@freebsd.org>
Cc: Kostik Belousov <kostikbel@gmail.com>, freebsd-hackers@freebsd.org, "Robert N. M. Watson" <rwatson@freebsd.org>
Subject: Re: "ps -e" without procfs(5)
Message-ID: <20111204211915.GA46340@stack.nl>
In-Reply-To: <86liqsawbh.fsf@kopusha.home.net>
References: <86y5wkeuw9.fsf@kopusha.home.net> <20111016171005.GB50300@deviant.kiev.zoral.com.ua> <86aa8qozyx.fsf@kopusha.home.net> <20111025082451.GO50300@deviant.kiev.zoral.com.ua> <86aa8k2im0.fsf@kopusha.home.net> <20111204143145.GA44832@stack.nl> <1E0AAB37-952A-49B4-94AF-B67B84E6957B@freebsd.org> <86liqsawbh.fsf@kopusha.home.net>
On Sun, Dec 04, 2011 at 10:58:10PM +0200, Mikolaj Golub wrote:
> RNMW> Agreed. In general, my view is that p_cansee() should be used for very
> RNMW> few of our process inspection APIs. I like your example of ASLR
> RNMW> especially, as it illustrates how debugging information can aid even
> RNMW> local attacks (i.e., user vs. setuid binary).

> What do you think about the recently added kern.proc.ps_strings, which
> returns the location of the ps_strings structure? It uses p_cansee() too.
> The location is the same for all processes of the same ABI, so this does
> not look like sensitive information; on the other hand, it also seems
> to be used by debuggers only.

With stack ASLR, the address will not be the same for every process of
the same ABI and will be sensitive information. Therefore I think this
should be locked down too.

-- 
Jilles Tjoelker