Geoff Thorpe <[EMAIL PROTECTED]> writes:
>Modern operating systems generally make memory
>scanning a lot more difficult in a process that has setuid()'d from root
>to something else. Apache's setuid prevents core-dumping.

Ok, forget gcore.  Use ptrace.  From the FreeBSD ptrace docs:

  "This request requires that the target process must have the same
   real UID as the tracing process, and that it must not be executing
   a setuid or setgid executable.  (If the tracing process is running
   as root, these restrictions do not apply.)"

And, if ptrace doesn't do it for you, there's always something else to try.

Even with features like FreeBSD's security levels, once someone has
compromised root on your server, you should pretty much assume you've
also lost any private keys in active use, whether encrypted or not.

        -Michael Robinson

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
