Solaris SignalsFeb 12 2003 03:21AM Jon Masters (jonathan jonmasters org) (1 replies)
Re: Solaris SignalsFeb 13 2003 11:44AM Frank v Waveren (fvw var cx) (1 replies)
Re: Solaris SignalsFeb 14 2003 05:17PM ari (edelkind-bugtraq episec com) (1 replies)
Actually, many systems (current versions of solaris included) disallow
user ptrace(2) and restrict /proc access for processes whose binaries
are not readable. If you compile the binary statically (due to its
sensitive nature), you needn't worry about trickery with dynamic library
instructions.
Note that i only bring this up to further the information; i do not
condone the act of putting sensitive information into a binary that
executes without modified privileges (or, indeed, putting sensitive
information into an executable at all).
ari
--
[http://www.episec.com/people/edelkind/]
fvw (at) var (dot) cx [email concealed] said this stuff:
[...]
> Making programs execute-only is no security for such things unless you
> add a lot of weird-and-definately-not-wonderful special cases all over
> the OS. Even if you stop programs from dumping core if
> access(executable, R_OK), you can still do LD_PRELOAD/LD_LIBRARY tricks
> and get access to the process' memory (or just log all library or system
> calls which gets you all the interesting stuff too, usually), and with
> a little creativity there's plenty of other ways to get around lack of
> read rights.
>
> --
> Frank v Waveren Fingerprint: 21A7 C7F3
> fvw@[var.cx|stack.nl|chello.nl] ICQ#10074100 1FF3 47FF 545C CB53
> Public key: hkp://wwwkeys.pgp.net/fvw (at) var (dot) cx [email concealed] 7BD9 09C0 3AC1 6DF2
user ptrace(2) and restrict /proc access for processes whose binaries
are not readable. If you compile the binary statically (due to its
sensitive nature), you needn't worry about trickery with dynamic library
instructions.
Note that i only bring this up to further the information; i do not
condone the act of putting sensitive information into a binary that
executes without modified privileges (or, indeed, putting sensitive
information into an executable at all).
ari
--
[http://www.episec.com/people/edelkind/]
fvw (at) var (dot) cx [email concealed] said this stuff:
[...]
> Making programs execute-only is no security for such things unless you
> add a lot of weird-and-definately-not-wonderful special cases all over
> the OS. Even if you stop programs from dumping core if
> access(executable, R_OK), you can still do LD_PRELOAD/LD_LIBRARY tricks
> and get access to the process' memory (or just log all library or system
> calls which gets you all the interesting stuff too, usually), and with
> a little creativity there's plenty of other ways to get around lack of
> read rights.
>
> --
> Frank v Waveren Fingerprint: 21A7 C7F3
> fvw@[var.cx|stack.nl|chello.nl] ICQ#10074100 1FF3 47FF 545C CB53
> Public key: hkp://wwwkeys.pgp.net/fvw (at) var (dot) cx [email concealed] 7BD9 09C0 3AC1 6DF2
[ reply ]