ari edelkind <[EMAIL PROTECTED]> writes: > Keep in mind that ptrace(PT_ATTACH,...) will fail if a process is > already being traced. As for core files, a process can use > setrlimit(RLIMIT_CORE,...) to disable core dumps, and individual memory > pages may be encrypted or unloaded, to be decrypted or loaded on > demand.
The person running the application can trivially replace ktrace(), ptrace() and setrlimit() with non-functional stubs using LD_PRELOAD. Ensuring that LD_PRELOAD is invisible to the application is left as an exercise to the reader. DES -- Dag-Erling Smørgrav - [EMAIL PROTECTED] _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
