This is the mail archive of the gdb@sourceware.org mailing list for the GDB project.
Re: How to protect a file from debugging
On Mon, Jun 11, 2007 at 11:37:40AM +0200, Oliver Welter wrote:
> >> I have an application, let's say a simple text editor, that is used to
> >> read/write sensitive information.
> >> Now I start gdb, attach it to the process and call "gcore" which - for
> >> my understanding - dumps the entire memory of the process to a file. So
> >> the core dump reveals my secret data.
> >
> > Why is that a problem? You are the only one reading the same secret data
> > that you just entered yourself in the editor.
> >
>
> Before the editor can access the data, its integrity is checked and the
> editor has certain properties, e.g. not allowing the data to be stored
> outside of an encrypted filesystem. So if an unchecked application can
> gather the data, it might leave the system.
>
> Oliver
Are you already using mlock()? If so presumably you're starting setuid
root, and the kernel will already be enforcing a secure execution
environment, preventing ptrace(), so you don't have to worry about this.
Thanks, Tavis.
--
-------------------------------------
taviso@sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------
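The two mechanisms named in the reply above, shown as an added example that is not part of the original thread or of GDB: the kernel clears a process's "dumpable" flag when a setuid binary starts, and a non-dumpable process can neither be ptrace-attached by an unprivileged user (so gdb's attach and gcore fail) nor produce a core file. The example sets that flag explicitly with prctl(PR_SET_DUMPABLE, 0) instead of relying on setuid, pins the secret buffer in RAM with mlock() so it is never swapped out, and wipes it before freeing. Function names (harden_process, alloc_locked, free_locked, demo_secret) are this example's own. It assumes Linux (prctl is Linux-specific) and enough RLIMIT_MEMLOCK headroom to lock one page. Two caveats the example does not remove: root, or a process with CAP_SYS_PTRACE, can still attach regardless of the dumpable flag, and mlock() only keeps pages out of swap, it does not stop a debugger that is allowed to attach from reading them.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Clear the "dumpable" flag. A non-dumpable process cannot be ptrace-attached
 * by an unprivileged user (even one with the same uid) and writes no core file.
 * The kernel does this automatically for setuid binaries; here it is done
 * explicitly via prctl(2). Returns the flag as the kernel reports it afterwards
 * (0 on success), or -1 if prctl failed. */
int harden_process(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Allocate a page-aligned buffer and pin it in RAM with mlock(2) so the
 * secret it holds is never written to swap. Returns NULL on failure
 * (e.g. RLIMIT_MEMLOCK exhausted). */
void *alloc_locked(size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    void *p = NULL;
    if (page <= 0 || posix_memalign(&p, (size_t)page, len) != 0)
        return NULL;
    if (mlock(p, len) != 0) {
        free(p);
        return NULL;
    }
    return p;
}

/* Zero the buffer through a volatile pointer so the compiler cannot drop the
 * wipe as a dead store, verify it, then unlock and free. Returns 1 if every
 * byte read back as zero, 0 otherwise. */
int free_locked(void *p, size_t len)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    int clean = 1;
    for (size_t i = 0; i < len; i++)
        v[i] = 0;
    for (size_t i = 0; i < len; i++)
        if (v[i] != 0)
            clean = 0;
    munlock(p, len);
    free(p);
    return clean;
}

/* End-to-end: lock a buffer, place a constructed secret in it, wipe it.
 * Returns 1 on full success, 0 if locking failed, -1 if the wipe failed. */
int demo_secret(size_t len)
{
    unsigned char *buf = alloc_locked(len);
    if (buf == NULL)
        return 0;
    /* Constructed sample secret; a real editor would hold the document here. */
    const char secret[] = "example passphrase (constructed)";
    memcpy(buf, secret, sizeof secret);
    return free_locked(buf, len) ? 1 : -1;
}

int main(void)
{
    int dumpable = harden_process();
    printf("dumpable flag after prctl: %d%s\n", dumpable,
           dumpable == 0 ? " (ptrace attach by non-root now refused)" : "");
    int rc = demo_secret(4096);
    if (rc == 0)
        printf("mlock failed: %s\n", strerror(errno));
    else
        printf("locked buffer used and wiped: %s\n", rc == 1 ? "ok" : "wipe failed");
    return (dumpable == 0 && rc == 1) ? 0 : 1;
}
```

After harden_process() returns, `gdb -p <pid>` run as the same unprivileged user fails with an attach permission error and `cat /proc/<pid>/maps` from another process of that user is also refused, which is the property the reply attributes to starting setuid root. Because the buffer is wiped before free(), the secret is also not left for a later allocation to pick up.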