From owner-freebsd-security  Mon Apr 28 09:51:10 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id JAA24025
          for security-outgoing; Mon, 28 Apr 1997 09:51:10 -0700 (PDT)
Received: from silence.secnet.com ([199.185.231.10])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA24019
          for <freebsd-security@freebsd.org>; Mon, 28 Apr 1997 09:51:07 -0700 (PDT)
Received: from localhost (davids@localhost) by silence.secnet.com (8.8.5/secnet) with SMTP id KAA02331 for <freebsd-security@freebsd.org>; Mon, 28 Apr 1997 10:55:17 -0600 (MDT)
Date: Mon, 28 Apr 1997 10:55:16 -0600 (MDT)
From: David Sacerdote <davids@secnet.com>
To: freebsd-security@freebsd.org
Subject: Re: Attaching to init with a debugger
Message-ID: <Pine.BSI.3.95.970428105432.2324A-100000@silence.secnet.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Yes, attaching to init with a debugger is a serious issue.  OpenBSD fixed 
this several months ago by forbidding debuggers to attach to pid 1 when 
the securelevel > 0.  If you choose to take this tack in dealing with the 
problem, make sure you fix not only the system call based interface, but 
procfs as well.  Also, don't forget that you can read symbol tables for a 
program from a seperate file; so the copy of init on the system need not 
have been compiled with -ggdb; the attacker needs merely to have source 
code for it.

David Sacerdote