Date: Sun, 4 Dec 2011 15:57:06 +0000 From: "Robert N. M. Watson" <rwatson@freebsd.org> To: Jilles Tjoelker <jilles@stack.nl> Cc: Mikolaj Golub <trociny@freebsd.org>, Kostik Belousov <kostikbel@gmail.com>, freebsd-hackers@freebsd.org Subject: Re: "ps -e" without procfs(5) Message-ID: <1E0AAB37-952A-49B4-94AF-B67B84E6957B@freebsd.org> In-Reply-To: <20111204143145.GA44832@stack.nl> References: <86y5wkeuw9.fsf@kopusha.home.net> <20111016171005.GB50300@deviant.kiev.zoral.com.ua> <86aa8qozyx.fsf@kopusha.home.net> <20111025082451.GO50300@deviant.kiev.zoral.com.ua> <86aa8k2im0.fsf@kopusha.home.net> <20111204143145.GA44832@stack.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4 Dec 2011, at 14:31, Jilles Tjoelker wrote: > On Sat, Oct 29, 2011 at 01:32:39PM +0300, Mikolaj Golub wrote: >> [KERN_PROC_AUXV requires just p_cansee()] > > If we are ever going to do ASLR, the AUXV information tells an attacker > where the stack, executable and RTLD are located, which defeats much of > the point of randomizing the addresses in the first place. > > Given that the AUXV information seems to be used by debuggers only > anyway, I think it would be good to move it to p_candebug() now. > > The full virtual memory maps (KERN_PROC_VMMAP, procstat -v) are already > under p_candebug(). Agreed. In general, my view is that p_cansee() should be used for very few of our process inspection APIs. I like your example of ASLR especially, as it illustrates how debugging information can aid even local attacks (i.e., user vs. setuid binary). Robert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1E0AAB37-952A-49B4-94AF-B67B84E6957B>