Subject: Re: Why not track our xsrc with X11R6.6 from X.org?
To: None <email@example.com>
From: Greg A. Woods <firstname.lastname@example.org>
Date: 07/19/2001 15:29:09
[ On Thursday, July 19, 2001 at 11:16:01 (-0700), Andrey Petrov wrote: ]
> Subject: Re: Why not track our xsrc with X11R6.6 from X.org?
> On Thu, Jul 19, 2001 at 01:13:34AM -0400, R. C. Dowdeswell wrote:
> > And, to clarify that statement a little bit, there are certain memory
> > protections that reasonable Unices put even on root level processes, i.e.
> > you can't look at memory in other processes. This protection allows a
> What about /dev/(k)mem, procfs, ptrace?
- procfs is another thing that was added to the system without
understanding the full consequences (and that's true right back to the
original AT&T implementations, though at least a few of those bugs
have since been fixed in most implemenations).
- now that more proper sysctl interfaces are available for most former
kmem grovellers /dev/[k]mem should probably not be readable if
securelevel >= 2.
- ptrace is a major hole for root to slip through. It should probably
be completely disabled at securelevel >= 2 too, or at least limited
for use on processes actually started (not effectively running as) the
Greg A. Woods
+1 416 218-0098 VE3TCP <email@example.com> <firstname.lastname@example.org>
Planix, Inc. <email@example.com>; Secrets of the Weird <firstname.lastname@example.org>