Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Reading the memory of another process is not allowed on modern OS for precisely that reason, so this would be another exploit.

both Linux and Windows allow processes to read the memory of other processes running as the same user, via ptrace() and /proc/pid/mem on Linux, and via ReadProcessMemory() on Windows.

(how else could you ever debug anything?)



Yes, but PTRACE can be disallowed by the process and behaves differently on some kernels, e.g. Ubuntu hardened:

https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening... https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace

They usually only allow ptrace from parent to child or as root.

Also, wrt debugging, see the comment in the second link:

> If you are running a machine and do not plan on debugging the applications on this machine, you should turn this boolean on.


ReadProcessMemory() requires the process to have debug privileges.

(how else could you ever secure anything?)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: