ari edelkind writes:
> Keep in mind that ptrace(PT_ATTACH,...) will fail if a process is
> already being traced. As for core files, a process can use
> setrlimit(RLIMIT_CORE,...) to disable core dumps, and individual memory
> pages may be encrypted or unloaded, to be decrypted or loaded on
> demand.


The person running the application can trivially replace ktrace(),
ptrace() and setrlimit() with non-functional stubs using LD_PRELOAD.

Ensuring that LD_PRELOAD is invisible to the application is left as an
exercise to the reader.

DES
-- 
Dag-Erling Smørgrav - des@des.no
_______________________________________________
freebsd-hackers@freebsd.org mailing list