Date:      Tue, 25 Feb 2025 23:04:46 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 285021] the procctl PROC_TRACE_CTL doesn't work as expected
Message-ID:  <bug-285021-227-URjsQm1Ft0@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-285021-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-285021-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285021

--- Comment #7 from WZIS Software <wzis@hotmail.com> ---
Our software now can combat root-based attacks when the attacker tries to
use gdb to dynamically debug our program, uses truss to attach to our
process, or tries to open /dev/mem or /dev/kmem to check the memory to find
critical info from our process or from our software-protected program. But
without procctl functioning properly, our software is still not able to
combat attacks that create a coredump from our process or a protected
process.

[root@bsd123 ~]# truss -p 3652
truss: can not attach to target process: Function not implemented
[root@bsd123 ~]# gdb -p 3652
GNU gdb (GDB) 13.2 [GDB v13.2 for FreeBSD]
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd13.2".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word".
Attaching to process 3652
ptrace: Function not implemented.
(gdb) quit
[root@bsd123 ~]# sleep 1000 </dev/mem
Killed
[root@bsd123 ~]# sleep 1000 </dev/kmem
Killed
[root@bsd123 ~]#
