On 4 Dec 2011, at 14:31, Jilles Tjoelker wrote:
> On Sat, Oct 29, 2011 at 01:32:39PM +0300, Mikolaj Golub wrote:
>> [KERN_PROC_AUXV requires just p_cansee()]
>
> If we are ever going to do ASLR, the AUXV information tells an attacker
> where the stack, executable and RTLD are located, which defeats much of
> the point of randomizing the addresses in the first place.
>
> Given that the AUXV information seems to be used by debuggers only
> anyway, I think it would be good to move it to p_candebug() now.
>
> The full virtual memory maps (KERN_PROC_VMMAP, procstat -v) are already
> under p_candebug().
Agreed. In general, my view is that p_cansee() should be used for very few of our process inspection APIs. I like your example of ASLR especially, as it illustrates how debugging information can aid even local attacks (i.e., user vs. setuid binary).

Robert
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
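To make the point in the quoted reply concrete, here is an added example (not code from this thread and not FreeBSD's own code) that walks an ELF auxiliary vector of the kind kern.proc.auxv hands back for a target process and reports which randomised regions it pins down. The tag numbers are FreeBSD's from sys/elf_common.h; the vector itself is constructed by hand for the example, and the stack attribution for AT_EXECPATH and AT_CANARY rests on exec placing the path string and the canary on the new process's stack. The struct name, field names and the sample addresses are the example's own.

```c
/* auxv_leak.c: what an unprivileged reader of kern.proc.auxv learns about a
 * victim's address-space layout. Added illustration for this discussion,
 * not FreeBSD code. The vector below is constructed by hand with
 * amd64-shaped values; it was not captured from a real process.
 * Build: cc -std=c99 -Wall auxv_leak.c -o auxv_leak */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Tag values from FreeBSD's sys/elf_common.h. */
#define AT_NULL      0
#define AT_PHDR      3   /* address of the executable's program headers */
#define AT_PAGESZ    6
#define AT_BASE      7   /* load address of the run-time linker (ld-elf.so.1) */
#define AT_ENTRY     9   /* executable entry point after relocation */
#define AT_EXECPATH 15   /* pointer to the exec path string, copied onto the stack at exec */
#define AT_CANARY   16   /* pointer to the SSP canary bytes, also on the stack */

/* Same 16-byte layout as FreeBSD's Elf64_Auxinfo on LP64; the a_val/a_ptr
 * union is collapsed into one integer field. Hypothetical local definition. */
struct auxinfo64 {
    int32_t  a_type;
    int32_t  a_pad;
    uint64_t a_val;
};

/* Pointer-valued entries that give away a randomised region. */
enum { L_PHDR = 1, L_BASE = 2, L_ENTRY = 4, L_EXECPATH = 8, L_CANARY = 16 };
struct layout_leak {
    uint64_t phdr, base, entry, execpath, canary;
    unsigned found;     /* bitmask of the L_* fields present in the vector */
};

/* Walk the vector up to AT_NULL (or n entries), recording pointer entries.
 * Returns the number of entries consumed before the terminator. */
size_t scan_auxv(const struct auxinfo64 *v, size_t n, struct layout_leak *out)
{
    size_t i;
    out->found = 0;
    for (i = 0; i < n && v[i].a_type != AT_NULL; i++) {
        switch (v[i].a_type) {
        case AT_PHDR:     out->phdr = v[i].a_val;     out->found |= L_PHDR;     break;
        case AT_BASE:     out->base = v[i].a_val;     out->found |= L_BASE;     break;
        case AT_ENTRY:    out->entry = v[i].a_val;    out->found |= L_ENTRY;    break;
        case AT_EXECPATH: out->execpath = v[i].a_val; out->found |= L_EXECPATH; break;
        case AT_CANARY:   out->canary = v[i].a_val;   out->found |= L_CANARY;   break;
        default: break; /* AT_PAGESZ and similar scalars say nothing about layout */
        }
    }
    return i;
}

/* ASLR applies one slide per region. The unrelocated entry point is in the
 * on-disk ELF header, readable by anyone who can read the binary (a setuid
 * program, say), so AT_ENTRY alone yields the executable's slide. */
uint64_t region_slide(uint64_t runtime_addr, uint64_t link_addr)
{
    return runtime_addr - link_addr;
}

/* Bitmask of regions whose randomisation is defeated:
 * 1 = executable, 2 = rtld, 4 = stack. */
unsigned regions_exposed(const struct layout_leak *l)
{
    unsigned r = 0;
    if (l->found & (L_PHDR | L_ENTRY))     r |= 1;
    if (l->found & L_BASE)                 r |= 2;
    if (l->found & (L_EXECPATH | L_CANARY)) r |= 4;
    return r;
}

/* Constructed sample: a PIE whose link-time entry is 0x1234, loaded with a
 * 0x7f3a000000 slide; rtld mapped elsewhere; stack near the top of user space. */
const struct auxinfo64 sample_auxv[] = {
    { AT_PHDR,     0, 0x7f3a000040ULL },
    { AT_PAGESZ,   0, 4096 },
    { AT_BASE,     0, 0x800200000ULL },
    { AT_ENTRY,    0, 0x7f3a001234ULL },
    { AT_EXECPATH, 0, 0x7fffffffe7c0ULL },
    { AT_CANARY,   0, 0x7fffffffe7a0ULL },
    { AT_NULL,     0, 0 },
};
const size_t sample_auxv_len = sizeof sample_auxv / sizeof sample_auxv[0];
const uint64_t sample_link_entry = 0x1234;

int main(void)
{
    struct layout_leak l;
    size_t n = scan_auxv(sample_auxv, sample_auxv_len, &l);
    unsigned r = regions_exposed(&l);
    printf("%zu auxv entries scanned\n", n);
    if (r & 1)
        printf("executable: entry %#" PRIx64 ", slide %#" PRIx64 "\n",
               l.entry, region_slide(l.entry, sample_link_entry));
    if (r & 2)
        printf("rtld: base %#" PRIx64 "\n", l.base);
    if (r & 4)
        printf("stack: execpath %#" PRIx64 ", canary %#" PRIx64 "\n",
               l.execpath, l.canary);
    return 0;
}
```

The takeaway is that a single pointer-valued entry is enough to derandomise its region, which is why an access check meant for "can this user see that the process exists" (p_cansee) is the wrong gate and the debugger-level check (p_candebug) is the right one.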

