Date:      Thu, 21 Feb 2008 18:11:35 +0100 (CET)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-hackers@FreeBSD.ORG, des@des.no, edelkind-freebsd-hackers@episec.com
Subject:   Re: encrypted executables
Message-ID:  <200802211711.m1LHBZ3b061944@lurza.secnetix.de>
In-Reply-To: <86hcg25kk5.fsf@ds4.des.no>

Dag-Erling Smørgrav wrote:
 > ari edelkind <edelkind-freebsd-hackers@episec.com> writes:
 > > Keep in mind that ptrace(PT_ATTACH,...) will fail if a process is
 > > already being traced.  As for core files, a process can use
 > > setrlimit(RLIMIT_CORE,...) to disable core dumps, and individual memory
 > > pages may be encrypted or unloaded, to be decrypted or loaded on
 > > demand.
 > 
 > The person running the application can trivially replace ktrace(),
 > ptrace() and setrlimit() with non-functional stubs using LD_PRELOAD.

Right.  And for a static binary (which doesn't respect
LD_PRELOAD), it's fairly trivial to patch the syscalls
so they're a no-op when called from the binary.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registration court, HRA 74606,  Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registration
court, HRB 125758,  Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

In my experience the term "transparent proxy" is an oxymoron (like jumbo
shrimp).  "Transparent" proxies seem to vary from the distortions of a
funhouse mirror to barely translucent.  I really, really dislike them
when trying to figure out the corrective lenses needed with each of them.
        -- R. Kevin Oberman, Network Engineer


