Date: Wed, 7 Jun 2006 09:31:22 -0500 From: James Riendeau <jtriende@wisc.edu> To: Tofik Suleymanov <secnews@oxygen.az> Cc: freebsd-stable@FreeBSD.ORG, freebsd-questions@freebsd.org Subject: Re: reading process memory Message-ID: <ED5EC8BD-0A92-4D73-BC01-48FD930311FF@wisc.edu> In-Reply-To: <4486A111.6020300@oxygen.az> References: <4486A111.6020300@oxygen.az>
next in thread | previous in thread | raw e-mail | index | archive | help
How are you defining "assuming right privileges"? The only way you're going to be able to read another processes address space is in the kernel. Even a process running as root is not able to read another process's data. One of the principle responsibilities of the OS is to manage the private memory space of each process, and I emphasize private. The last thing you would want on a secure system is the ability of other processes to read or write to another process's address space. Even a parent process should not be able to read a child's address space, as the fork logically duplicates their address space and they go their separate ways. An attempt to read another processes address space should trap to the kernel and the kernel should kill the process immediately. There is one exception to this: you can setup a pipe or memory share between two processes, however, both processes have to agree to share some memory or connect via a pipe. I'm not going to give you a howto via email as the subject usually fills a solid chapter in most OS books. James Riendeau MMI Computer Support Technician 1300 University Ave Rm. 436, Dept. of MedMicro Madison, WI 53706 Phone: (608) 262-3351 After-hours Phone: (608) 260-2696 Fax: (608) 262-8418 Email: jtriende@wisc.edu On Jun 7, 2006, at 4:49 AM, Tofik Suleymanov wrote: > Hello, folks > > I believe that it is possible to read contents of the memory used/ > utilized by a process (assuming right privileges). > First i've tried to do this through procfs by reading 'mem' > property of the given process, but no success. > Maybe there is another way of doing such things ? > Any clue would be appreciated. > > Thanks, > Tofik Suleymanov > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ED5EC8BD-0A92-4D73-BC01-48FD930311FF>