Does Linux support memory isolation for processes?


Question

In more detail, the question is: without root permission, is it possible for a process to read (not only write) the memory of another process? (e.g. by somehow reading /proc/gcore or /proc/[PID]/mem. I'm not sure about their permission requirements yet.)

I do understand that virtual addressing is implemented and each process has its own space. I did a quick search but found neither strong guarantees nor approaches to hack it. This article says:

Each process in the system has its own virtual address space. These virtual address spaces are completely separate from each other and so a process running one application cannot affect another. Also, the hardware virtual memory mechanisms allow areas of memory to be protected against writing. This protects code and data from being overwritten by rogue applications.

I'm not sure whether "affect" includes "read" as well and it seems that hardware only protects memory from being overwritten.

Does anyone have insights into whether this isolation in a Linux system is strongly guaranteed, or, if it could be hacked, how to make the guarantee?

Thanks in advance!

Answer

Side note: As far as I know, this is a poorly documented topic given its importance as a security issue.

Too Long; Don't Read: A process's virtual address space is fully isolated from another. The Linux kernel has access to the whole memory as it runs in kernel mode. It provides system calls that allow a process, under certain circumstances (see Ptrace access mode checking below), to access the memory of another.

There are system calls in the Linux kernel that allow reading/writing the memory of other processes:

These system calls transfer data between the address space of the calling process ("the local process") and the process identified by pid ("the remote process"). The data moves directly between the address spaces of the two processes, without passing through kernel space.

The last sentence refers to what happens in kernel mode (the kernel actually copies between two physical addresses). The user mode cannot access other virtual address space. For technical details, take a look at the implementation patch.

Regarding the required permissions:

Permission to read from or write to another process is governed by a ptrace access mode PTRACE_MODE_ATTACH_REALCREDS check; see ptrace().

  • ptrace()

    The ptrace() system call provides a means by which one process (the "tracer") may observe and control the execution of another process (the "tracee"), and examine and change the tracee's memory and registers.

    Regarding the permissions needed, according to ptrace() manual page:

    Ptrace access mode checking

    Various parts of the kernel-user-space API (not just ptrace() operations), require so-called "ptrace access mode" checks, whose outcome determines whether an operation is permitted (or, in a few cases, causes a "read" operation to return sanitized data). These checks are performed in cases where one process can inspect sensitive information about, or in some cases modify the state of, another process. The checks are based on factors such as the credentials and capabilities of the two processes, whether or not the "target" process is dumpable, and the results of checks performed by any enabled Linux Security Module (LSM)—for example, SELinux, Yama, or Smack—and by the commoncap LSM (which is always invoked).

    Related:

    • The CAP_SYS_PTRACE capability. See the capabilities manual page.

    • List with all manual pages of Linux kernel system calls.

    • The Meltdown and Spectre vulnerabilities.
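The access-mode check quoted above, as an added C example that is not part of the original answer: a parent forks a child, the child changes its own copy of a global (same virtual address, different physical memory) and optionally clears its dumpable flag, and the parent then tries to read that address through /proc/[pid]/mem, the path the question asked about. The names `shared`, `spawn_target`, `probe` and `has_cap_sys_ptrace` are this example's own; it assumes Linux with Yama ptrace_scope at most 1 (the common default), under which a parent may read a dumpable descendant.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>
/* Same virtual address in parent and child after fork(); the contents diverge. */
static char shared[32] = "parent-copy";

/* True if the caller's effective capability set holds CAP_SYS_PTRACE (bit 19). */
int has_cap_sys_ptrace(void) {
    FILE *f = fopen("/proc/self/status", "r");
    char line[128]; unsigned long long caps = 0;
    while (f && fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", &caps) == 1) break;
    if (f) fclose(f);
    return (int)((caps >> 19) & 1);
}

/* Child: overwrite its copy, optionally clear the dumpable flag, report ready, wait. */
static pid_t spawn_target(int nondumpable) {
    int fd[2]; char ready;
    if (pipe(fd) == -1) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        strcpy(shared, "constructed-child-secret");   /* constructed sample value */
        if (nondumpable) prctl(PR_SET_DUMPABLE, 0);  /* hides /proc/[pid]/mem from same-uid peers */
        if (write(fd[1], "r", 1) == 1) pause();
        _exit(0);
    }
    close(fd[1]);
    if (pid > 0 && read(fd[0], &ready, 1) != 1) { kill(pid, SIGKILL); pid = -1; }
    close(fd[0]);
    return pid;
}
/* Parent: read the child's copy through /proc/[pid]/mem. open() runs the ptrace
 * access-mode check (PTRACE_MODE_ATTACH). Returns 0 on success, else the errno. */
int probe(int nondumpable, char *out, size_t len) {
    char path[32]; pid_t pid = spawn_target(nondumpable);
    if (pid < 0) return ESRCH;
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    int fd = open(path, O_RDONLY), rc = fd < 0 ? errno : 0;
    if (fd >= 0 && pread(fd, out, len, (off_t)(unsigned long)shared) != (ssize_t)len)
        rc = errno ? errno : EIO;
    if (fd >= 0) close(fd); kill(pid, SIGKILL); waitpid(pid, NULL, 0);
    return rc;
}
```

Without CAP_SYS_PTRACE the non-dumpable case fails at open() with EACCES, so PR_SET_DUMPABLE is the cheapest way for a process to keep same-user peers out of its memory; process_vm_readv() goes through the same check and reports EPERM instead.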
