Fw: [ale] proc

MetroBoy metroboy at sprynet.com
Wed Jun 23 22:42:51 EDT 1999


> show)Everything. As it swaps processes in and out it must have ready
> access to variables and info. Voila /proc. The numbered files
> (directories) corespond to the open processes. Interestingly, it does
> not really take up space; hence the zero sized entries. So removing it
> won't save you any. They exist in ram and the CPU itself. You can cat
> them to read them and 'cat <file >/proc/somentry is the equivalent of
> the old Applesoft poke command. (not to be used lightly however).
>
> Some programs read them directly. For example, route or netstat. After
a
> while you will be able to read them too if you look at them.

This sounds like a security violation if one user's processes can read
data from another user's processes by just looking at the virtual
memory.  Yesterday I was reading about a feature/bug/app/Trojan in
Multics that used this technique to bypass security.

What am I missing here, besides a clue?

Ed






More information about the Ale mailing list