Date: Thu, 20 Aug 1998 22:10:02 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: matthew@wolfepub.com (Matthew Hagerty)
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Trapping memory
Message-ID: <199808202210.PAA28020@usr04.primenet.com>
In-Reply-To: <3.0.3.32.19980820101150.006c0da8@wolfepub.com> from "Matthew Hagerty" at Aug 20, 98 10:11:50 am

> Is there some way to trap or detect when some other program is trying to
> read memory used by another program?

Yes, the program attempting to do the read segfaults.

It seems your question would be better formulated as "is there any way
to ask the kernel to tell me that someone is reading my pages out of
/dev/mem"?

The answer is "no"; pages do not have credentials, only page maps, and
then only because of their association with a process.

For higher "secure levels", access to /dev/mem is denied, as is access
to /dev/kmem and the loading of kernel modules.

> For example, I have an encryption/decryption daemon that holds its key in
> memory. I have been told that there is really no way to protect the memory
> used by the daemon in the case of a root compromise. However, if I could
> somehow detect another program trying to access my daemon's memory space,
> then I could have the daemon dump the key and shutdown.

If root is compromised, they can relax the secure level on the next
boot. They can also load kernel modules to disable any monitoring
they want, before they raise the secure level and give you a false
sense of security.

> Any insight would be greatly appreciated.

Do an Altavista search on "Capabilities".

Really, there is no way to make it so that your privacy isn't at the
mercy of whoever controls your hardware. The worst case, they can
install dual ported RAM or a RAM emulator, and merely read the data
out without impacting the OS's knowledge of whether or not this has
happened.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message