Re: Protected Memory
- Subject: Re: Protected Memory
- From: John Davidorff Pell <email@hidden>
- Date: Wed, 15 Feb 2006 11:56:43 -0800
This is definitely possible, and relatively easy* to do. However, it
is quite dangerous. You have a couple of options:
1) Load the code into the target application at launch (using some
sort of plugin), or inject code into another running application at
some later time. To do the first, you should ask the APE or SIMBL
people how they do it. WARNING: This is a good way to get a huge
number of people to hate your software, since it will potentially
damage other unrelated applications, i.e., your code will not be
loaded into the target application, but rather into *every* application.
2) Use mach_inject/mach_override. This is where Alex's security hole
comes in. The microkernel for Mac OS X/Darwin allows for running
applications to start execution threads (mach threads, not posix
threads) in a task other than its own (another application). WARNING:
This is a good way to totally hose the target application, but won't
affect anything else. WARNING: This will break with (more or less)
every major Darwin/Mac OS X release. WARNING: This may be a security
hole and will be patched eventually. Technically speaking, this is
not a security hole since it cannot be used to escalate privileges.
All it can do is allow a user to alter his/her/its own processes.
Since a user owns his/her/its own processes, this is not security
related. It does violate "protected memory", but "protected" means
that one application cannot unintentionally corrupt another's
workspace, it has nothing to do with security. See
http://rentzsch.com/mach_inject
and
http://rentzsch.com/mach_override
for more information.
JP
P.S. If any of the above is a security risk (which it's not), then
keeping it secret (but freely available elsewhere) is totally
meaningless.
P.P.S. *When I say easy, I mean ridiculously obtuse and prohibitively
complex.
On 14 Feb 2006, at 14:51, William Riley-Land wrote:
Hi, I haven't posted here before. So, nice to meet you all and
hope this isn't off topic :)
I was wondering if it is possible at all for one userland
application to access another application's memory space. By
"userland" I mean non-kernel code... that's the correct term
right? I had a program under OS 9 that could be used to do this
(mostly to cheat at games :)
I understand that under Darwin memory is "protected" and one
application can only use its memory space and/or shared memory
(which I have no idea about at all).
Anyway, my secondary question is: can one application access
another's memory?
I am disappointed that I have to ask this question, but I could not
find any sort of in-depth documentation of Darwin's memory
management on the Apple site or after doing a bit of Googling...
So, my main question is where can I find that sort of information?
--
-william
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
"... was it a dream where you see yourself standing in sort-of Sun-
God robes, on a pyramid, with a thousand naked women screaming and
throwing little pickles at you? ... Why am I the only one who has
that dream?"
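The primitive JP describes above, a same-uid process reaching into another task's memory through the kernel, as an added example that is not code from this thread, from mach_inject or from mach_override. The function names (read_remote, demo_self_read) and the global g_secret are made up for the illustration, and the target data is constructed. On Darwin the read goes through the Mach task port (task_for_pid, then mach_vm_read_overwrite), which is the same door mach_inject walks through before it writes code and starts a thread in the target; on Linux, where the verifier runs, the nearest analogue is /proc/<pid>/mem, which is added here for portability and is not part of the Darwin discussion. Both paths apply only the uid/ptrace policy, which is JP's point: "protected" memory prevents accidents between applications, it is not a boundary between a user and his own processes. The demo reads the calling process's own data via the remote path (pid == getpid()), which takes exactly the same kernel route as a foreign pid of the same user minus any permission denial; on current macOS, task_for_pid against a foreign pid is additionally gated by taskgated, entitlements and SIP, which did not exist in 2006.

```c
/* Added example (not from the thread or from mach_inject/mach_override).
 * Cross-process memory read through the kernel: Mach task port on Darwin,
 * /proc/<pid>/mem on Linux (Linux path is an analogue added here). */
#define _FILE_OFFSET_BITS 64
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>

#ifdef __APPLE__
#include <mach/mach.h>
#include <mach/mach_vm.h>
#else
#include <fcntl.h>
#endif

/* Read `len` bytes at `addr` inside process `pid` into `out`.
 * Returns 0 on success, -1 on failure (no permission, unmapped address). */
int read_remote(pid_t pid, uintptr_t addr, void *out, size_t len)
{
#ifdef __APPLE__
    mach_port_t task;
    /* task_for_pid() is the whole ball game: the kernel hands back a send
     * right to the target's task port, after which the holder can read,
     * write, map memory and create threads in that task. In 2006 same uid
     * was sufficient; modern macOS adds taskgated/entitlement/SIP checks. */
    kern_return_t kr = task_for_pid(mach_task_self(), pid, &task);
    if (kr != KERN_SUCCESS) {
        fprintf(stderr, "task_for_pid(%d): %s\n", (int)pid, mach_error_string(kr));
        return -1;
    }
    mach_vm_size_t got = 0;
    kr = mach_vm_read_overwrite(task, (mach_vm_address_t)addr,
                                (mach_vm_size_t)len,
                                (mach_vm_address_t)(uintptr_t)out, &got);
    if (task != mach_task_self())
        mach_port_deallocate(mach_task_self(), task);
    if (kr != KERN_SUCCESS || got != len) {
        fprintf(stderr, "mach_vm_read_overwrite: %s\n", mach_error_string(kr));
        return -1;
    }
    return 0;
#else
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    /* Opening another pid's mem file is subject to the ptrace access check
     * (same uid, dumpable target, Yama scope); the calling process itself
     * always passes it. */
    int fd = open(path, O_RDONLY);
    if (fd < 0) {
        perror(path);
        return -1;
    }
    size_t done = 0;
    while (done < len) {
        ssize_t n = pread(fd, (char *)out + done, len - done,
                          (off_t)(addr + done));
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) {
            close(fd);
            return -1;
        }
        done += (size_t)n;
    }
    close(fd);
    return 0;
#endif
}

/* Constructed data the "target" keeps in its own address space. */
char g_secret[32] = "constructed target data";

/* Pull g_secret back through the kernel path instead of a plain C read.
 * Returns 1 if the bytes round-trip unchanged, 0 on any failure. */
int demo_self_read(void)
{
    char buf[sizeof g_secret];
    memset(buf, 0, sizeof buf);
    if (read_remote(getpid(), (uintptr_t)g_secret, buf, sizeof buf) != 0)
        return 0;
    return memcmp(buf, g_secret, sizeof g_secret) == 0;
}

int main(void)
{
    int ok = demo_self_read();
    printf("read of own memory via the kernel: %s\n", ok ? "ok" : "failed");
    return ok ? 0 : 1;
}
```

To point it at a foreign process, pass its pid and an address taken from that process (for instance one it prints itself); on Darwin expect task_for_pid to fail unless the caller is root or carries the appropriate entitlement, on Linux expect open() to fail with EACCES/EPERM when Yama's ptrace_scope forbids non-descendant attach. Writing is the mirror image (mach_vm_write / pwrite on the same handle), and that plus mach_vm_allocate and thread_create_running is all mach_inject needs.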