By comparison, using ptrace to modify unwritable pages in HardenedBSD is disallowed by default due to our PaX NOEXEC implementation. FreeBSD/HardenedBSD doesn’t use procfs and is generally left unmounted. procfs’ /proc/pid/mem on HardenedBSD is a fancy wrapper for ptrace.
We’ve applied extra hardening to procfs to mitigate malicious use of procfs, like this exploit did.
This post helped me understand a technique I was having a tough time explaining to a client a couple months back. Next time this comes up I’ll be better prepared! Thank you for posting this.