1. codedo+(OP) 2023-04-05 23:02:57
This is wrong: on Windows there are system calls to access the memory of other processes, and on Linux you can do it using debugging. Also, on Windows there is a tradition of injecting libraries into other processes, creating threads in processes, etc.
replies(1): >>accoun+b11
2. accoun+b11 2023-04-06 07:56:38
>>codedo+(OP)
On Linux, ptrace permissions can be restricted [0] and some distributions do this by default.

Whether this provides any meaningful security is questionable unless you pair it with filesystem isolation to prevent malicious programs from modifying config files / bashrc / etc. Meanwhile it does make legit uses of ptrace more annoying.

[0] https://www.kernel.org/doc/Documentation/security/Yama.txt
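
Added example, not part of either comment above: a small Python model of the attach rules that the Yama document [0] describes for `ptrace_scope` values 0 to 3, showing which same-user attach attempts each setting blocks and which debugger workflows survive. The process tree, the pids and the function names are constructed for illustration, and the model assumes the classic same-uid ptrace check has already passed.

```python
# Added example: a model of Yama's documented ptrace_scope rules, not kernel code.
from pathlib import Path

SCOPE_FILE = "/proc/sys/kernel/yama/ptrace_scope"

# Constructed process tree (pid -> parent pid), all running as one user:
# shell 100 started gdb 200 (which launched 201), an app 300 and a program 400.
PARENTS = {100: 1, 200: 100, 201: 200, 300: 100, 400: 100}

def read_scope(path=SCOPE_FILE):
    """Return the live ptrace_scope value, or None if Yama is not exposed."""
    try:
        return int(Path(path).read_text().strip())
    except (OSError, ValueError):
        return None

def is_descendant(parents, ancestor, pid):
    """True if `ancestor` appears on the parent chain above `pid`."""
    seen = set()
    while pid in parents and pid not in seen:
        seen.add(pid)
        pid = parents[pid]
        if pid == ancestor:
            return True
    return False

def may_attach(scope, tracer, tracee, parents, declared=None, cap_sys_ptrace=False):
    """Model PTRACE_ATTACH under Yama; assumes the classic same-uid check passed.

    `declared` maps a tracee pid to the tracer pid it named with
    prctl(PR_SET_PTRACER, ...), or to "any" for PR_SET_PTRACER_ANY.
    """
    declared = declared or {}
    if scope == 0:    # classic ptrace permissions only
        return True
    if scope == 1:    # restricted: descendants, declared tracers, CAP_SYS_PTRACE
        return (cap_sys_ptrace
                or is_descendant(parents, tracer, tracee)
                or declared.get(tracee) in ("any", tracer))
    if scope == 2:    # admin-only
        return cap_sys_ptrace
    return False      # 3: no attach at all

if __name__ == "__main__":
    live = read_scope()
    for scope in range(4):
        mark = " (this host)" if scope == live else ""
        print(scope, may_attach(scope, 400, 300, PARENTS), mark)
```

At scope 1 the debugger (200) can still trace the child it launched (201) but cannot attach to the already-running 300 unless 300 declares it or the debugger holds CAP_SYS_PTRACE.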
