> The following commands were marked as "safe": > > Clear Breakpoint > Enable Breakpoint > Disable Breakpoint > Display exception frame > Stack traceback
This is sufficient to steal cryptographic keys in many environments. In fact you merely need two or three breakpoints and to log the order they are hit through the crypto computation. > Display stack for process Exposes all sorts of user data unless you mean just the call trace, in which case it's still quite useful. > Display stack all processes Ditto > Send a signal to a process Like say sending SIGSTOP to security monitoring threads or the battery manager on locked devices that rely on software battery management ? It's an interesting idea but you need almost nothing to extract keys from a system or to subvert it. Alan ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Kgdb-bugreport mailing list Kgdb-bugreport@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/kgdb-bugreport
