This module tries to restrict the ability of other processes to access the memory of our process.

Traditionally, on Linux, one process can access the memory of another arbitrary process if both are running as the same user (uid). (Root can of course access the memory of almost any process.)

Programs can opt out of this by setting `prctl(PR_SET_DUMPABLE, 0);`

Also see https://man.archlinux.org/man/PR_SET_DUMPABLE.2const.en

-----

Also, from https://unix.stackexchange.com/a/518452 :

In a terminal window:

```
% echo $$ # show our pid
6744
% read -sp 'secret password: '; echo
secret password:
%
```

Then in another terminal window:

```
% grep heap /proc/6744/maps
01bb7000-01c3e000 rw-p 00000000 00:00 0 [heap]
% dd if=/proc/6744/mem bs=1 skip=$((0x01bb7000)) count=$((0x01c3e000-0x01bb7000)) status=none | strings | less
...
% dd if=/proc/6744/mem bs=1 skip=$((0x01bb7000)) count=$((0x01c3e000-0x01bb7000)) status=none | strings | grep obiwan
obiwan_kenobi # "secret password"
```
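The opt-out described above can be checked from inside the process. The following C program is an added example, not this module's own code: it clears the dumpable flag and has a forked same-uid child try to open the parent's `/proc/<pid>/mem`, the same file the `dd` commands read. The function names `disable_dumpable` and `peer_can_open_mem` are hypothetical; a root-run check can still succeed, and a ptrace-restricting LSM such as Yama may already deny the "before" probe.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: clear the dumpable flag. Returns 0 on success, -1 on error. */
int disable_dumpable(void)
{
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}

/* Hypothetical helper: fork a same-uid child that tries to open the parent's
 * /proc/<pid>/mem. Returns 1 if the open succeeded, 0 if it was denied,
 * -1 if fork or wait failed. */
int peer_can_open_mem(void)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/mem", (long)getpid());
    pid_t child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {
        int fd = open(path, O_RDONLY);   /* child probes the parent's memory file */
        _exit(fd >= 0 ? 0 : 1);
    }
    int status;
    if (waitpid(child, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("before: dumpable=%d peer_open=%d\n",
           prctl(PR_GET_DUMPABLE, 0, 0, 0, 0), peer_can_open_mem());
    if (disable_dumpable() != 0) {
        perror("prctl(PR_SET_DUMPABLE)");
        return 1;
    }
    printf("after:  dumpable=%d peer_open=%d\n",
           prctl(PR_GET_DUMPABLE, 0, 0, 0, 0), peer_can_open_mem());
    return 0;
}
```

Run as an unprivileged user, the "after" line should report `dumpable=0 peer_open=0`.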