Date: Sun, 4 Dec 2011 15:57:06 +0000
From: "Robert N. M. Watson" <rwatson@freebsd.org>
To: Jilles Tjoelker <jilles@stack.nl>
Cc: Mikolaj Golub <trociny@freebsd.org>, Kostik Belousov <kostikbel@gmail.com>, freebsd-hackers@freebsd.org
Subject: Re: "ps -e" without procfs(5)
Message-ID: <1E0AAB37-952A-49B4-94AF-B67B84E6957B@freebsd.org>
In-Reply-To: <20111204143145.GA44832@stack.nl>
References: <86y5wkeuw9.fsf@kopusha.home.net> <20111016171005.GB50300@deviant.kiev.zoral.com.ua> <86aa8qozyx.fsf@kopusha.home.net> <20111025082451.GO50300@deviant.kiev.zoral.com.ua> <86aa8k2im0.fsf@kopusha.home.net> <20111204143145.GA44832@stack.nl>
On 4 Dec 2011, at 14:31, Jilles Tjoelker wrote:

> On Sat, Oct 29, 2011 at 01:32:39PM +0300, Mikolaj Golub wrote:
>> [KERN_PROC_AUXV requires just p_cansee()]
>
> If we are ever going to do ASLR, the AUXV information tells an attacker
> where the stack, executable and RTLD are located, which defeats much of
> the point of randomizing the addresses in the first place.
>
> Given that the AUXV information seems to be used by debuggers only
> anyway, I think it would be good to move it to p_candebug() now.
>
> The full virtual memory maps (KERN_PROC_VMMAP, procstat -v) are already
> under p_candebug().

Agreed. In general, my view is that p_cansee() should be used for very few of our process inspection APIs. I like your example of ASLR especially, as it illustrates how debugging information can aid even local attacks (i.e., user vs. setuid binary).

Robert
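The exchange above argues that KERN_PROC_AUXV leaks the layout ASLR is meant to hide. The following is an added example written for this page, not code from the thread or from FreeBSD: it decodes an ELF auxiliary vector (the data KERN_PROC_AUXV returns) and pulls out the entries that carry virtual addresses. The sample vector is constructed by hand; the tag numbers (AT_PHDR=3, AT_BASE=7, AT_ENTRY=9) are the SVR4 values shared by FreeBSD and Linux; the entry struct assumes a 64-bit little-endian process; the `read_own_auxv` helper, compiled only on FreeBSD, uses the `{ CTL_KERN, KERN_PROC, KERN_PROC_AUXV, pid }` MIB that procstat uses; and the load-bias arithmetic assumes the program headers are mapped at their file offset, which is the normal layout.

```c
/* Added example: decode an ELF auxv and show which entries reveal layout. */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SVR4 ELF auxv tags (assumed values; identical on FreeBSD and Linux). */
#define AUX_NULL   0
#define AUX_PHDR   3   /* address of the executable's program headers */
#define AUX_PHENT  4
#define AUX_PHNUM  5
#define AUX_PAGESZ 6
#define AUX_BASE   7   /* load address of the run-time linker (RTLD) */
#define AUX_ENTRY  9   /* executable's entry point */

/* One 64-bit entry. FreeBSD's Elf64_Auxinfo has a 32-bit a_type plus
 * padding, Linux a 64-bit one; on little-endian both fit this shape. */
struct auxv64 {
    uint64_t a_type;
    uint64_t a_val;
};

struct layout_leak {
    uint64_t phdr;       /* AT_PHDR */
    uint64_t base;       /* AT_BASE, 0 for a static executable */
    uint64_t entry;      /* AT_ENTRY */
    int      n_pointers; /* entries that carried a virtual address */
};

/* Walk entries up to AT_NULL (or max); returns how many were consumed. */
size_t decode_auxv(const struct auxv64 *av, size_t max, struct layout_leak *out)
{
    size_t i;

    memset(out, 0, sizeof *out);
    for (i = 0; i < max; i++) {
        uint32_t type = (uint32_t)av[i].a_type; /* low 32 bits: see struct note */
        if (type == AUX_NULL)
            break;
        switch (type) {
        case AUX_PHDR:  out->phdr  = av[i].a_val; out->n_pointers++; break;
        case AUX_BASE:  out->base  = av[i].a_val; out->n_pointers++; break;
        case AUX_ENTRY: out->entry = av[i].a_val; out->n_pointers++; break;
        default: break; /* sizes, counts and flags carry no layout information */
        }
    }
    return i;
}

/* AT_PHDR minus e_phoff (readable from the binary on disk) is the load
 * bias, i.e. exactly the ASLR slide needed to reuse the executable's code.
 * Assumes the headers are mapped at their file offset (the usual layout). */
uint64_t load_bias(const struct layout_leak *l, uint64_t e_phoff)
{
    return l->phdr - e_phoff;
}

/* Constructed sample vector, not captured from a real process. */
const struct auxv64 sample_auxv[] = {
    { AUX_PHDR,   0x0000000800200040ULL },
    { AUX_PHENT,  56 },
    { AUX_PHNUM,  9 },
    { AUX_PAGESZ, 4096 },
    { AUX_BASE,   0x0000000800650000ULL },
    { AUX_ENTRY,  0x00000008002015a0ULL },
    { AUX_NULL,   0 },
};
const size_t sample_auxv_len = sizeof sample_auxv / sizeof sample_auxv[0];

#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/sysctl.h>
#include <unistd.h>

/* Read the caller's own auxv through the sysctl the thread discusses. */
static size_t read_own_auxv(struct auxv64 *buf, size_t n)
{
    int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_AUXV, (int)getpid() };
    size_t len = n * sizeof *buf;

    if (sysctl(mib, 4, buf, &len, NULL, 0) != 0)
        return 0;
    return len / sizeof *buf;
}
#endif

static void report(const char *tag, const struct layout_leak *l)
{
    printf("%s: %d address-bearing entries\n", tag, l->n_pointers);
    printf("  AT_PHDR %#" PRIx64 " AT_BASE %#" PRIx64 " AT_ENTRY %#" PRIx64 "\n",
           l->phdr, l->base, l->entry);
}

int main(void)
{
    struct layout_leak l;

    decode_auxv(sample_auxv, sample_auxv_len, &l);
    report("sample", &l);
    printf("  load bias (e_phoff 0x40): %#" PRIx64 "\n", load_bias(&l, 0x40));
#ifdef __FreeBSD__
    struct auxv64 own[64];
    size_t n = read_own_auxv(own, 64);
    if (n > 0) {
        decode_auxv(own, n, &l);
        report("self", &l);
    }
#endif
    return 0;
}
```

Three of the seven entries in the sample are raw addresses: the executable's program headers (and, via the load bias, its whole text), the RTLD base, and the entry point. That is the information Jilles describes, and it is why exposing the vector under p_cansee() rather than p_candebug() matters once addresses are randomized: an unprivileged user could query a setuid process's vector and skip the guessing that ASLR is supposed to impose.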