From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 3140 invoked by alias); 11 Jun 2007 09:38:19 -0000 Received: (qmail 3131 invoked by uid 22791); 11 Jun 2007 09:38:19 -0000 X-Spam-Check-By: sourceware.org Received: from mx01.microblue.de (HELO mail.microblue.de) (212.18.24.200) by sourceware.org (qpsmtpd/0.31) with ESMTP; Mon, 11 Jun 2007 09:38:16 +0000 Received: (qmail 8910 invoked by uid 210); 11 Jun 2007 09:38:14 -0000 Received: from 129.187.105.91 (mail@oliwel.de@129.187.105.91) by mail.microblue.de (envelope-from , uid 201) with qmail-scanner-2.01st (clamdscan: 0.90.2/3398. spamassassin: 3.1.8. perlscan: 2.01st. Clear:RC:1(129.187.105.91):. Processed in 0.025183 secs); 11 Jun 2007 09:38:14 -0000 Received: from unknown (HELO ?129.187.105.91?) (mail@oliwel.de@129.187.105.91) by 0 with ESMTPA; 11 Jun 2007 09:38:14 -0000 Message-ID: <466D17E4.8070703@oliwel.de> Date: Mon, 11 Jun 2007 09:38:00 -0000 From: Oliver Welter User-Agent: Thunderbird 2.0.0.0 (X11/20070420) MIME-Version: 1.0 To: Andreas Schwab CC: Tavis Ormandy , gdb@sourceware.org Subject: Re: How to protect a file from debugging References: <466D04E1.4010905@oliwel.de> <20070611091627.GB8386@sdf.lonestar.org> <466D14D5.4020007@oliwel.de> In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig3D4C0F9FA3BCFE6BD43D3A9A" X-IsSubscribed: yes Mailing-List: contact gdb-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-owner@sourceware.org X-SW-Source: 2007-06/txt/msg00072.txt.bz2 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig3D4C0F9FA3BCFE6BD43D3A9A Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-length: 825 >> I have an application, lets say a simple text editor, that is used to >> read/write sensitive information. >> Now I start gdb, attach it to the process and call "gcore" which - for >> my understanding - dumps the entire memory of the process to a file. So >> the core dump reveals my secret data. >=20 > Why is that a problem? You are one only reading the same secret data > that you just entered yourself in the editor. >=20 Before the editor can access the data, its integrity is checked and the editor has certain properties, e.g. not allowing to store the data outside of an encrypted filesystem. So if an unchecked application can gather the data, it might leave the system. Oliver --=20 Protect your environment - close windows and adopt a penguin! PGP-Key: 3B2C 8095 A7DF 8BB5 2CFF 8168 CAB7 B0DD 3985 1721 --------------enig3D4C0F9FA3BCFE6BD43D3A9A Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" Content-length: 189 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (GNU/Linux) iD8DBQFGbRfkyrew3TmFFyERAnIgAJ4hwcQ8IdTbw5DEMTxdsHvbKXY1egCfS71f LAGaNH/iHzCCXsrMV9HBoTc= =tAp8 -----END PGP SIGNATURE----- --------------enig3D4C0F9FA3BCFE6BD43D3A9A--