From owner-freebsd-hackers@FreeBSD.ORG Thu Feb 21 05:55:11 2008
From: Bert JW Regeer <xistence@0x58.com>
Date: Wed, 20 Feb 2008 22:54:33 -0700
Subject: Re: encrypted executables
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
In-Reply-To: <20080221031856.GA17599@britannica.bec.de>
Message-Id: <07F059CA-D46C-4B2E-B047-FE65E7FAA6FD@0x58.com>
List-Id: Technical Discussions relating to FreeBSD

On Feb 20, 2008, at 20:18, Joerg Sonnenberger wrote:
> On Wed, Feb 20, 2008 at 09:39:03PM -0500, ari edelkind wrote:
>> Mind you, it's true that disabling core dumps with a resource limit
>> doesn't keep one from creating a core image using gcore, but since gcore
>> generally must either attach to a process using ptrace() or access
>> mapped code segments in the original binary (depending on the
>> implementation), it won't help in such a case, either.
>
> What prevents me from patching the kernel (!) to just ignore the
> resource limit? Nothing.
>
> Joerg

Or, for that matter, ignoring the first ptrace() so that on the second ptrace call we make we can attach without a problem?

On an open system like FreeBSD or Linux it is practically impossible to guarantee that the binary that is encrypted can't be tampered with in such a way, or have its unencrypted code dumped. Even on Windows this is hard, since the kernel is open to so many attack vectors, including but not limited to writing new kernel modules that hook certain kernel functions to do what I just mentioned.

The openness of an Open Source system that allows an attacker to easily modify the OS the executables are running on is the biggest problem. There is no guaranteed code execution path, no guarantee that syscalls will do what you ask them to do.

Bert JW Regeer