Date: Mon, 28 Apr 1997 10:55:16 -0600 (MDT) From: David Sacerdote <davids@secnet.com> To: freebsd-security@freebsd.org Subject: Re: Attaching to init with a debugger Message-ID: <Pine.BSI.3.95.970428105432.2324A-100000@silence.secnet.com>
next in thread | raw e-mail | index | archive | help
Yes, attaching to init with a debugger is a serious issue. OpenBSD fixed this several months ago by forbidding debuggers to attach to pid 1 when the securelevel > 0. If you choose to take this tack in dealing with the problem, make sure you fix not only the system call based interface, but procfs as well. Also, don't forget that you can read symbol tables for a program from a seperate file; so the copy of init on the system need not have been compiled with -ggdb; the attacker needs merely to have source code for it. David Sacerdote
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.95.970428105432.2324A-100000>