Iwasawa 🌟 (one hikari of too many)

so i tested it (https://gist.github.com/hikari-no-yume/ea99e733f6d99cb9b43c5680b3245a51) and apparently modern-ish linux doesn't let you read other processes' memory without root access. but the file permissions suggest i should be able to. is this like a selinux thing or a kernel default or what. ubuntu 20.04 lts btw

2 replies →

Richard Barrell

(replying to Iwasawa 🌟 (one hikari of too many))

@hikari possibly related, there are some settings for turning off ptrace() that ubuntu enables by default, so maybe they did lock down all methods of leaking memory contents between processes running as the same non root user?
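The ptrace setting Richard is referring to is the Yama LSM's `kernel.yama.ptrace_scope` sysctl, which the kernel also consults for opens of `/proc/PID/mem` (the same PTRACE_MODE_ATTACH access check). The following audit script is an added example, not code posted in this thread or from the linked gist; the level descriptions follow the kernel's Yama documentation, and the "Ubuntu default" note assumes a stock Ubuntu install.

```shell
#!/bin/sh
# Added example (not from the thread): audit the Yama ptrace_scope sysctl,
# which governs ptrace() attach and, via the same access check, /proc/PID/mem.
# Level meanings follow Documentation/admin-guide/LSM/Yama.rst in the kernel tree.

describe_ptrace_scope() {
    case "$1" in
        0) echo "0: classic ptrace; same-uid processes may attach to and read each other" ;;
        1) echo "1: restricted; only ancestors, PR_SET_PTRACER targets or CAP_SYS_PTRACE may attach (Ubuntu default)" ;;
        2) echo "2: admin-only; attaching requires CAP_SYS_PTRACE" ;;
        3) echo "3: no attach; ptrace disabled until reboot" ;;
        *) echo "unknown value: $1"; return 1 ;;
    esac
}

# Succeed (exit 0) when the level blocks arbitrary same-uid cross-process reads.
scope_blocks_same_uid() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# Read the live setting (if this kernel has Yama) and report what it implies.
audit_ptrace_scope() {
    f=/proc/sys/kernel/yama/ptrace_scope
    if [ -r "$f" ]; then
        v=$(cat "$f")
        echo "Yama ptrace_scope = $(describe_ptrace_scope "$v")"
        if scope_blocks_same_uid "$v"; then
            echo "same-uid processes cannot read each other's memory via ptrace or /proc/PID/mem"
        else
            echo "WARNING: same-uid processes can read each other's memory; consider sysctl kernel.yama.ptrace_scope=1"
        fi
    else
        echo "Yama not present on this kernel: classic ptrace permissions apply (same as level 0)"
    fi
}

audit_ptrace_scope
```

This is why the file mode bits on `/proc/PID/mem` are misleading: the open succeeds or fails on the ptrace access check, not on the DAC permissions shown by `ls`. Level 1 is what makes the gist's read fail for an unrelated process with the same uid, while `sudo` (CAP_SYS_PTRACE) still works.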


Saagar Jha

(replying to Iwasawa 🌟 (one hikari of too many))
@hikari Yeah it’s become mindful

Iwasawa 🌟 (one hikari of too many)

(replying to Iwasawa 🌟 (one hikari of too many))

tbh if i was making the default config for a server os i would disable /proc/xxx/mem. if you have rce but no privilege escalation there'd be lots of fun you could have with it otherwise

1 reply →

Saagar Jha

(replying to Iwasawa 🌟 (one hikari of too many))
@hikari task_for_pid is actually kind of a good security model don’t @ me

Iwasawa 🌟 (one hikari of too many)

(replying to Saagar Jha)

@saagar i agree, i have some complaints but overall i think “system integrity protection” and related things are quite well-designed

Saagar Jha

(replying to Iwasawa 🌟 (one hikari of too many))
@hikari If Apple ships AMFI Trusted Keys I will go back and like this

Iwasawa 🌟 (one hikari of too many)

(replying to Saagar Jha)

@saagar could you tell me more about what the hell that is

2 replies →

Saagar Jha

(replying to Iwasawa 🌟 (one hikari of too many))
@hikari Imagine if you could be the root of trust on your machine

Skip R. :ms_two_male_symbols:

(replying to Saagar Jha)

@saagar @hikari (pain noise from having been complaining about this for months)


Skip R. :ms_two_male_symbols:

(replying to Iwasawa 🌟 (one hikari of too many))

@hikari @saagar at risk of dunning-krugering too hard i think what Saagar is trying to get at is that because SIP is the first line of defense in a lot of ways your two choices are "be able to snoop on platform binaries/poke around, but your security posture is utterly fucked" and "literally can't do anything interesting"

Saagar Jha

(replying to Skip R. :ms_two_male_symbols:)
@slice @hikari This is actually the security model of all computers Apple just identifies it as something specific

Skip R. :ms_two_male_symbols:

(replying to Saagar Jha)

@saagar @hikari it actually drives me insane that Apple actually has the opportunity to innovate here (and has, e.g. wrt BootPolicy) but they just don't

Saagar Jha

(replying to Skip R. :ms_two_male_symbols:)
@slice @hikari They do. Internally

2 replies →

Skip R. :ms_two_male_symbols:

(replying to Saagar Jha)

@saagar @hikari shout out to my friend who literally just gave up getting AMFITrustedKeys on a retail unit and just got hired instead

Saagar Jha

(replying to Skip R. :ms_two_male_symbols:)
@slice @hikari Skill issue

Iwasawa 🌟 (one hikari of too many)

(replying to Saagar Jha)

@saagar @slice what, do you have the skill


Iwasawa 🌟 (one hikari of too many)

(replying to Saagar Jha)

@saagar @slice what, have you done it