>Actually, many systems (current versions of solaris included) disallow
>user ptrace(2) and restrict /proc access for processes whose binaries
>are not readable. If you compile the binary statically (due to its
>sensitive nature), you needn't worry about trickery with dynamic library
>instructions.
>
>Note that i only bring this up to further the information; i do not
>condone the act of putting sensitive information into a binary that
>executes without modified privileges (or, indeed, putting sensitive
>information into an executable at all).
It's already difficult to write meaningful statically linked
programs n Solaris (no XXX name lookups can be made to work)
Also, Sun has publicly announced that it will discontinue static
libraries in Solaris 10, so it will become hard to even create
them.
(there are probably devious ways to read x-only files as well;
for one, NFS can't distinguish between reads and executes)
>Actually, many systems (current versions of solaris included) disallow
>user ptrace(2) and restrict /proc access for processes whose binaries
>are not readable. If you compile the binary statically (due to its
>sensitive nature), you needn't worry about trickery with dynamic library
>instructions.
>
>Note that i only bring this up to further the information; i do not
>condone the act of putting sensitive information into a binary that
>executes without modified privileges (or, indeed, putting sensitive
>information into an executable at all).
It's already difficult to write meaningful statically linked
programs n Solaris (no XXX name lookups can be made to work)
Also, Sun has publicly announced that it will discontinue static
libraries in Solaris 10, so it will become hard to even create
them.
(there are probably devious ways to read x-only files as well;
for one, NFS can't distinguish between reads and executes)
Casper
[ reply ]