non-readable files really readable?
| j0mbolar 2004-07-28, 9:05 pm |
| under any flavor of unix (freebsd) or unix derivative, such as linux,
is it possible for non-readable files to be read? For example, I could
use ptrace to trace a program and step through it and debug it even
though the executable is marked as non-readable for "other". Is it
also possible to somehow dump the contents of the file so that you are
able to create a copy of a non-readable executable? It looks like
/proc/<pid>/mem allows this. Though I think "mem" contains only the
pages of the process currently in memory, not any swapped out. So this
would allow people on my system to possibly make a copy of a
non-readable file. Which makes me wonder, are there other ways to do
this? That is, to make copies of non-readable files, that are set
non-readable for "other". I'm interested in knowing of other methods so
I can effectively prevent it.
| |
| Casper H.S. Dik 2004-07-28, 9:05 pm |
| j0mbolar@engineer.com (j0mbolar) writes:
>under any flavor of unix (freebsd) or unix derivative, such as linux,
>is it possible for non-readable files to be read? For example, I could
>use ptrace to trace a program and step through it and debug it even
>though the executable is marked as non-readable for "other". Is it
>also possible to somehow dump the contents of the file so that you are
>able to create a copy of a non-readable executable? It looks like
>/proc/<pid>/mem allows this. Though I think "mem" contains only the
>pages of the process currently in memory, not any swapped out. So this
>would allow people on my system to possibly make a copy of a
>non-readable file. Which makes me wonder, are there other ways to do
>this? That is, to make copies of non-readable files, that are set
>non-readable for "other". I'm interested in knowing of other methods so
>I can effectively prevent it.
Under Solaris and probably some others you are not allowed to trace
applications of which you cannot read the executable. It is, however,
still possible to LD_PRELOAD something that dumps the memory.
Casper
| |
| joe durusau 2004-07-28, 9:05 pm |
|
"Casper H.S. Dik" wrote:
> j0mbolar@engineer.com (j0mbolar) writes:
>
>
> Under Solaris and probably some others you are not allowed to trace
> applications of which you cannot read the executable. It is, however,
> still possible to LD_PRELOAD something that dumps the memory.
>
> Casper
Also, I would think about how important the information is that the O.P. is
trying to protect. After all, at most places, there are hours when nobody
is normally present, and access to all the information on the system could
be gained, not to mention the possibility of bribing someone who knows
the root password.
Speaking only for myself,
Joe Durusau
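
An added example, not part of the thread and not written by any of its posters: a Python audit that lists the regular files "other" may execute but not read, which are the files whose confidentiality depends on the permission bit discussed in the posts above. The function names and the sample tree in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_execute_only(root):
    """Return regular files under root that "other" may execute but not read."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or is not accessible
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = st.st_mode
            # x for other is set, r for other is clear
            if mode & stat.S_IXOTH and not mode & stat.S_IROTH:
                findings.append({
                    "path": path,
                    "mode": stat.filemode(mode),
                    "owner_uid": st.st_uid,
                })
    return sorted(findings, key=lambda f: f["path"])


def demo():
    """Build a constructed sample tree and return (name, mode) per finding."""
    samples = (("tool", 0o711), ("public", 0o755),
               ("private", 0o700), ("grp", 0o751))
    with tempfile.TemporaryDirectory() as root:
        for name, mode in samples:
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")  # constructed placeholder content
            os.chmod(path, mode)
        return [(os.path.basename(f["path"]), f["mode"])
                for f in audit_execute_only(root)]


if __name__ == "__main__":
    for name, mode in demo():
        print(mode, name)
```

Each path it reports is a file to review for data that should not be exposed to users who are allowed to run it.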