Actually, many systems (current versions of solaris included) disallow user ptrace(2) and restrict /proc access for processes whose binaries are not readable. If you compile the binary statically (due to its sensitive nature), you needn't worry about trickery with dynamic library instructions. Note that i only bring this up to further the information; i do not condone the act of putting sensitive information into a binary that executes without modified privileges (or, indeed, putting sensitive information into an executable at all). ari -- [http://www.episec.com/people/edelkind/] fvwat_private said this stuff: [...] > Making programs execute-only is no security for such things unless you > add a lot of weird-and-definately-not-wonderful special cases all over > the OS. Even if you stop programs from dumping core if > access(executable, R_OK), you can still do LD_PRELOAD/LD_LIBRARY tricks > and get access to the process' memory (or just log all library or system > calls which gets you all the interesting stuff too, usually), and with > a little creativity there's plenty of other ways to get around lack of > read rights. > > -- > Frank v Waveren Fingerprint: 21A7 C7F3 > fvw@[var.cx|stack.nl|chello.nl] ICQ#10074100 1FF3 47FF 545C CB53 > Public key: hkp://wwwkeys.pgp.net/fvwat_private 7BD9 09C0 3AC1 6DF2
This archive was generated by hypermail 2b30 : Fri Feb 14 2003 - 12:46:24 PST