From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 12522 invoked by alias); 11 Jun 2007 10:04:50 -0000 Received: (qmail 12513 invoked by uid 22791); 11 Jun 2007 10:04:49 -0000 X-Spam-Check-By: sourceware.org Received: from mx.freeshell.ORG (HELO sdf.lonestar.org) (192.94.73.18) by sourceware.org (qpsmtpd/0.31) with ESMTP; Mon, 11 Jun 2007 10:04:48 +0000 Received: from sdf.lonestar.org (taviso@faeroes.freeshell.org [192.94.73.9]) by sdf.lonestar.org (8.14.1/8.13.8) with ESMTP id l5BA4WJk003802; Mon, 11 Jun 2007 10:04:32 GMT Received: from localhost (localhost [[UNIX: localhost]]) by sdf.lonestar.org (8.14.1/8.12.8/Submit) id l5BA4VWs020646; Mon, 11 Jun 2007 10:04:32 GMT Date: Mon, 11 Jun 2007 10:04:00 -0000 From: Tavis Ormandy To: Oliver Welter Cc: Andreas Schwab , gdb@sourceware.org Subject: Re: How to protect a file from debugging Message-ID: <20070611100425.GC8386@sdf.lonestar.org> References: <466D04E1.4010905@oliwel.de> <20070611091627.GB8386@sdf.lonestar.org> <466D14D5.4020007@oliwel.de> <466D17E4.8070703@oliwel.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <466D17E4.8070703@oliwel.de> User-Agent: Mutt/1.5.13 (2006-08-11) X-IsSubscribed: yes Mailing-List: contact gdb-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-owner@sourceware.org X-SW-Source: 2007-06/txt/msg00074.txt.bz2 On Mon, Jun 11, 2007 at 11:37:40AM +0200, Oliver Welter wrote: > >> I have an application, lets say a simple text editor, that is used to > >> read/write sensitive information. > >> Now I start gdb, attach it to the process and call "gcore" which - for > >> my understanding - dumps the entire memory of the process to a file. So > >> the core dump reveals my secret data. > > > > Why is that a problem? You are one only reading the same secret data > > that you just entered yourself in the editor. > > > > Before the editor can access the data, its integrity is checked and the > editor has certain properties, e.g. not allowing to store the data > outside of an encrypted filesystem. So if an unchecked application can > gather the data, it might leave the system. > > Oliver Are you already using mlock()? If so presumably you're starting setuid root, and the kernel will already be enforcing a secure execution environment, preventing ptrace(), so you dont have to worry about this. Thanks, Tavis. -- ------------------------------------- taviso@sdf.lonestar.org | finger me for my pgp key. -------------------------------------------------------