Re: Spindump manages to bypass kauth protected dylib file, and read its contents.
- Subject: Re: Spindump manages to bypass kauth protected dylib file, and read its contents.
- From: "Quinn \"The Eskimo!\"" <email@hidden>
- Date: Fri, 14 Sep 2018 09:10:43 +0100

On 9 Aug 2018, at 12:57, Irad K <email@hidden> wrote:

> To achieve that, I use a driver that listens to the kauth vnode scope with a
> callback that prevents any access to this file by other processes but my own.

I’m confused about your requirements here. The kernel has a long history of
being able to access a file’s contents without actually opening the file (I
first encountered this with exec, many years ago). A user space process is not
going to be able to protect itself from the kernel.

With regard to `spindump` specifically, it’s recording stack frames and symbols,
none of which should be especially private. And if you don’t want your symbols
showing up in the dump, strip them from your executable.

Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
Darwin-kernel mailing list (email@hidden)