Date: Thu, 21 Feb 2008 17:41:14 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: ari edelkind <edelkind-freebsd-hackers@episec.com> Cc: freebsd-hackers@freebsd.org Subject: Re: encrypted executables Message-ID: <86hcg25kk5.fsf@ds4.des.no> In-Reply-To: <20080221023902.GI79355@episec.com> (ari edelkind's message of "Wed\, 20 Feb 2008 21\:39\:03 -0500") References: <86068e730802181718s1ad50d3axeae0dde119ddcf92@mail.gmail.com> <47BA3334.4040707@andric.com> <86068e730802181954t52e4e05ay65e04c5f6de9b78a@mail.gmail.com> <20080219040912.GA14809@kobe.laptop> <f8e3d83f0802200451r463f188bn881268b9b2768846@mail.gmail.com> <47BCD34F.7010309@freebsd.org> <20080221023902.GI79355@episec.com>
next in thread | previous in thread | raw e-mail | index | archive | help
ari edelkind <edelkind-freebsd-hackers@episec.com> writes: > Keep in mind that ptrace(PT_ATTACH,...) will fail if a process is > already being traced. As for core files, a process can use > setrlimit(RLIMIT_CORE,...) to disable core dumps, and individual memory > pages may be encrypted or unloaded, to be decrypted or loaded on > demand. The person running the application can trivially replace ktrace(), ptrace() and setrlimit() with non-functional stubs using LD_PRELOAD. Ensuring that LD_PRELOAD is invisible to the application is left as an exercise to the reader. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86hcg25kk5.fsf>