Hello
While working on a project I learned that a process can
mmap() another process' address space (owned by the same
user) via /proc/pid/mem. Now it makes me wonder if there
is a way a process can prevent some other process from
accessing any of its address space. Not being able to do
so would open up a potential security hole that would
enable the superuser to extract the information that is
supposed to stay private by mmap()ing the address space
of an intresting process into its own and examining (and
possibly modifying) it.
root can do anything anyhow. If you prevent this then root can just mmap to
/proc/kcore and get as stuff anyhow.
This is almost nothing you can do against evil superusers.... in general if
you don't piss them off, you won't get larted because they usually have much
better things to do...
In general the ability to mmap to other processes is _way_ kewl and very
useful for debugging, etc. Removing this ability would gain nothing...
-Chris