[cap-talk] Don't put capabilities in argv?

David Hopwood david.hopwood at industrial-designers.co.uk
Sun Jul 13 06:34:43 CDT 2008

2008/7/12 David Wagner <daw at cs.berkeley.edu>:
> Kevin Reid writes:
> In article <261C264E-31CF-4980-9EEA-22A046FBF59F at mac.com> you write:
>>AFAIK, typical unix systems reveal command-line arguments of all
>>processes to all users. [..] Are there ways to eliminate the problem?
> Yes.  Overwrite your own argv to hide the command-line arguments.
> You'll want to overwrite environ, too.  (Of course, this leaves open a
> hopefully short time window before you manage to overwrite argv, during
> which command-line arguments are still visible to someone who looks at
> just the right time.)

What basis do we have to assume that this window is short? There is
a significant length of time after the process' argv becomes visible, and
before any code from the application itself runs, while (part of) the executable
image is being loaded from disk. I would not be surprised if this was quite
easily and reliably exploitable by a process that sits in a loop trying to read
the arguments (given that this process has permission to read them).

David-Sarah Hopwood
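
An added example, not part of the original message or of either poster's code: a C sketch of the argv overwrite suggested in the quoted reply, with a self-check against `/proc/<pid>/cmdline`. It assumes Linux with `/proc` mounted; the names `scrub_argv` and `cmdline_has` and the sample value are constructed for illustration.

```c
/* Added example: scrub argv in place, then check /proc/<pid>/cmdline (Linux). */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Zero the bytes of argv[1..argc-1] in place; returns the number of bytes wiped.
 * This runs only once our own code has started, so whatever was readable
 * between exec and this call has already been exposed. */
size_t scrub_argv(int argc, char **argv)
{
    size_t wiped = 0;
    for (int i = 1; i < argc; i++) {
        size_t n = strlen(argv[i]);
        volatile char *p = argv[i];   /* volatile: the stores must not be elided */
        for (size_t j = 0; j < n; j++)
            p[j] = '\0';
        wiped += n;
    }
    return wiped;
}

/* 1 if needle occurs in /proc/<pid>/cmdline, 0 if not, -1 if unreadable. */
int cmdline_has(pid_t pid, const char *needle)
{
    char path[64], buf[4096];
    snprintf(path, sizeof path, "/proc/%ld/cmdline", (long)pid);
    FILE *f = fopen(path, "rb");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    size_t m = strlen(needle);
    for (size_t i = 0; m > 0 && i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0)
            return 1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *secret = "CONSTRUCTED-CAP-0000";   /* constructed sample value */
    printf("before scrub: %d\n", cmdline_has(getpid(), secret));
    scrub_argv(argc, argv);
    printf("after scrub:  %d\n", cmdline_has(getpid(), secret));
    return 0;
}
```

Run with the constructed value as the first argument to see the check go from present to absent; the check only confirms the state after the scrub and says nothing about the interval before the program's own code ran.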
