Date: Mon, 26 Jul 1999 01:30:02 -0700 (PDT) From: <jkoshy@FreeBSD.org> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/3546: ktrace works even if no read permission Message-ID: <199907260830.BAA26504@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/3546; it has been noted by GNATS. From: <jkoshy@FreeBSD.org> To: freebsd-gnats-submit@freebsd.org Cc: Subject: Re: kern/3546: ktrace works even if no read permission Date: Mon, 26 Jul 1999 01:23:51 -0700 (PDT) Post discussion on -hackers, there is enough evidence to argue that the change does not do add significant security: Summary of arguments against the change: * [imp@freebsd.org] A libc wrapper which logs syscall entry points (userland tracing) can bypass the check. * [sef@freebsd.org] A core dump can still expose the program text. `procfs' and `ptrace' can be used to examine the process contents. Making security conscious programs setuid in the presence of KTRACE is a better approach. I will close the PR shortly. Koshy <jkoshy@freebsd.org> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907260830.BAA26504>