| Matthias Buelow 2005-06-27, 5:53 pm |
| Peter Seibel <peter@gigamonkeys.com> writes:
>But the key phrase here is "as long as the process is running". I may
>be okay with someone with sufficient privileges logged into the box
>while the program is run being able to see what's going on while still
>wanting to hide it from someone who comes along later, after the
>program has run.
Also make sure to getrlimit() RLIMIT_CORE to 0 in your program startup
and/or to catch all coredumping signals, otherwise that someone might
set up a cronjob that'll just kill your process, and grab the corefile
for later inspection (although I'm not sure if that can also be
achieved by copying the respective entry from /proc. Is there no way
to restrict this? I mean, there should be, or else /proc could be
considered a mild security problem and it would probably be wise not
to mount it).
mkb.
|