Re: encrypted executables
- To: freebsd-hackers_(_at_)_FreeBSD_(_dot_)_ORG, des_(_at_)_des_(_dot_)_no, edelkind-freebsd-hackers_(_at_)_episec_(_dot_)_com
- Subject: Re: encrypted executables
- From: Oliver Fromme <olli_(_at_)_lurza_(_dot_)_secnetix_(_dot_)_de>
- Date: Thu, 21 Feb 2008 18:11:35 +0100 (CET)
Dag-Erling Smørgrav wrote:
> ari edelkind <edelkind-freebsd-hackers_(_at_)_episec_(_dot_)_com> writes:
> > Keep in mind that ptrace(PT_ATTACH,...) will fail if a process is
> > already being traced. As for core files, a process can use
> > setrlimit(RLIMIT_CORE,...) to disable core dumps, and individual memory
> > pages may be encrypted or unloaded, to be decrypted or loaded on
> > demand.
>
> The person running the application can trivially replace ktrace(),
> ptrace() and setrlimit() with non-functional stubs using LD_PRELOAD.
Right. And for a static binary (which doesn't respect
LD_PRELOAD), it's fairly trivial to patch the syscalls
so they're a no-op when called from the binary.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht München, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht
München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD services, products and more: http://www.secnetix.de/bsd
In my experience the term "transparent proxy" is an oxymoron (like jumbo
shrimp). "Transparent" proxies seem to vary from the distortions of a
funhouse mirror to barely translucent. I really, really dislike them
when trying to figure out the corrective lenses needed with each of them.
-- R. Kevin Oberman, Network Engineer
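
The two self-protection calls named in the quoted message, written out as an added example that is not part of the original thread: the function names `disable_core_dumps` and `claim_trace_slot` are hypothetical, and using `PT_TRACE_ME` to occupy the trace slot is an assumption (the message only says that `PT_ATTACH` fails on a process that is already traced). Both calls go through libc symbols or system calls that the person running the binary controls, which is the weakness the replies point out.

```c
/* Added example: self-protection calls discussed in this thread. */
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/resource.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Set RLIMIT_CORE to zero (soft and hard) and read it back.
 * Returns 0 when the reported limit is zero, -1 otherwise. */
int disable_core_dumps(void)
{
    struct rlimit want = { 0, 0 };
    struct rlimit got;

    if (setrlimit(RLIMIT_CORE, &want) != 0)
        return -1;
    if (getrlimit(RLIMIT_CORE, &got) != 0)
        return -1;
    /* The read-back catches a setrlimit() stub that returns 0 without
     * acting, but not a stubbed getrlimit(): both symbols resolve through
     * the same dynamic linker, so this is a sanity check, not a defence. */
    return (got.rlim_cur == 0 && got.rlim_max == 0) ? 0 : -1;
}

/* Assumption: request tracing by the parent (PT_TRACE_ME) so the process
 * counts as already traced. Returns 0 on success, else the errno value. */
int claim_trace_slot(void)
{
    errno = 0;
    if (ptrace(PT_TRACE_ME, 0, 0, 0) == -1 && errno != 0)
        return errno;
    return 0;
}

int main(void)
{
    int rc = disable_core_dumps();
    printf("core dumps disabled: %s\n", rc == 0 ? "yes" : "no");

    rc = claim_trace_slot();
    printf("trace slot claimed: %s\n", rc == 0 ? "yes" : strerror(rc));
    return 0;
}
```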