This is the mail archive of the gdb@sourceware.org mailing list for the GDB project.



Re: How to protect a file from debugging


On Mon, Jun 11, 2007 at 11:37:40AM +0200, Oliver Welter wrote:
> >> I have an application, let's say a simple text editor, that is used to
> >> read/write sensitive information.
> >> Now I start gdb, attach it to the process and call "gcore" which - for
> >> my understanding - dumps the entire memory of the process to a file. So
> >> the core dump reveals my secret data.
> > 
> > Why is that a problem?  You are only reading the same secret data
> > that you just entered yourself in the editor.
> > 
> 
> Before the editor can access the data, its integrity is checked and the
> editor has certain properties, e.g. not allowing to store the data
> outside of an encrypted filesystem. So if an unchecked application can
> gather the data, it might leave the system.
> 
> Oliver

Are you already using mlock()? If so presumably you're starting setuid
root, and the kernel will already be enforcing a secure execution
environment, preventing ptrace(), so you don't have to worry about this.

Thanks, Tavis.

-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------
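
Added example, not part of the original message or of GDB: a C program that applies the protections discussed in this thread to a process that is not set-user-ID. Assuming Linux, it clears the dumpable flag (so a caller without CAP_SYS_PTRACE can no longer ptrace-attach, which gdb's gcore requires), disables core files, and pins the secret buffer with mlock(); the function names are hypothetical.

```c
/* Added example (Linux assumed); all function names are illustrative. */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Disable core files and clear the dumpable flag, so that a process
 * without CAP_SYS_PTRACE can no longer ptrace-attach (gdb attach, gcore). */
int harden_process(void)
{
    struct rlimit no_core = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &no_core) != 0)
        return -1;
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}

/* 0 = not dumpable, 1 = dumpable (the default for an ordinary process). */
int process_dumpable(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Pin the secret in RAM so it is never written to swap. */
int lock_secret(void *buf, size_t len)
{
    return mlock(buf, len);
}

/* Overwrite and unlock the secret; volatile keeps the stores from being elided. */
void wipe_secret(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    for (size_t i = 0; i < len; i++)
        p[i] = 0;
    munlock(buf, len);
}

int main(void)
{
    static char secret[4096];
    if (harden_process() != 0) { perror("harden_process"); return 1; }
    if (lock_secret(secret, sizeof secret) != 0)
        perror("mlock (check RLIMIT_MEMLOCK)");
    strcpy(secret, "constructed sample secret");
    printf("dumpable=%d\n", process_dumpable());
    wipe_secret(secret, sizeof secret);
    return 0;
}
```

A process holding CAP_SYS_PTRACE (typically root) can still attach, so this limits other unprivileged processes of the same user rather than the system administrator.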

