Detecting and controlling unauthorized shared memory reads
Problem description
I was wondering - are there any known techniques to control access to a shared memory object from anywhere but an authorized program?
For instance, let's say I create a shared memory segment for use in a program P, to be accessed by Q, and I make it Read-Write. I can access it using Q because I've given it (Q) the required permissions to do so (running as a particular user with groups, etc).
However, I'm guessing there are instances where someone could potentially access this shared memory from a program R - simply attaching to it and modifying it. To stop this, you could make the memory segment read only - but now program R could still read what was in the memory.
My question is in several parts -
Is there a way to,
a) allow only Q to access the shared memory?
b) figure whether a read was done by someone apart from Q - and who did it? [Is this even possible?] For bonus points, could this be done cross-platform? [Probably not, but no harm trying :)]
Under what circumstances could a rogue program attach to the shared memory? I presume one way is if a user is able to exploit OS holes and become the user that started the program. Any others?
Recommended answer
POSIX shared memory has the same permissions system as files - if you run ipcs you'll see the permissions of the shared memory segments on your system:
$ ipcs -m
IPC status from <running system> as of Tue Jul 14 23:21:25 BST 2009
T ID KEY MODE OWNER GROUP
Shared Memory:
m 65536 0x07021999 --rw-r--r-- root wheel
m 65537 0x60022006 --rw-r--r-- root wheel
In answer to question 1a), you can use the normal UNIX permissions system to only allow access from a certain user and/or group. This can be controlled using shmctl:
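#include <sys/ipc.h>
#include <sys/shm.h>

struct shmid_ds ds;
shmctl(shmid, IPC_STAT, &ds); // IPC_SET takes a struct shmid_ds; load the current values first
ds.shm_perm.uid = 100;
ds.shm_perm.gid = 200;
ds.shm_perm.mode = 0660; // Allow read/write only by
                         // uid '100' or members of group '200'
shmctl(shmid, IPC_SET, &ds);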
For 1b), I don't think any auditing interfaces exist for shared memory access.
With regards to your second question, any process running as the shm owner/group, or running as root will be able to access your memory - this is no different to accessing any other resource. Root can always access anything on a *ix system; and so any exploit which escalated a user to root would allow access to any shared memory region.
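An added example, not part of the original answer: it restricts a System V segment to one uid/gid with IPC_SET and then polls the segment's attach metadata (shm_nattch, shm_lpid) from IPC_STAT, which records attaches and detaches rather than individual reads. The function names, the expected attach count and the allowed-PID policy are assumptions made for the illustration.

```c
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a new segment that only its owner can read or write (mode 0600). */
int create_private_segment(size_t size) {
    return shmget(IPC_PRIVATE, size, IPC_CREAT | IPC_EXCL | 0600);
}

/* Restrict an existing segment to one uid/gid and permission mode.
 * IPC_SET takes a struct shmid_ds, so read the current values first. */
int restrict_segment(int shmid, uid_t uid, gid_t gid, mode_t mode) {
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) == -1) return -1;
    ds.shm_perm.uid = uid;
    ds.shm_perm.gid = gid;
    ds.shm_perm.mode = mode & 0777;
    return shmctl(shmid, IPC_SET, &ds);
}

/* Returns 1 if the attach metadata looks unexpected, 0 if not, -1 on error.
 * expected_attaches and the allowed PIDs p and q are the caller's policy
 * (assumed here: only programs P and Q should ever attach). */
int unexpected_attach(int shmid, shmatt_t expected_attaches, pid_t p, pid_t q) {
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) == -1) return -1;
    /* More processes attached right now than the design allows. */
    if (ds.shm_nattch > expected_attaches) return 1;
    /* The last process to call shmat()/shmdt() was neither P nor Q. */
    if (ds.shm_lpid != 0 && ds.shm_lpid != p && ds.shm_lpid != q) return 1;
    return 0;
}

int main(void) {
    int id = create_private_segment(4096);
    if (id == -1) { perror("shmget"); return 1; }
    if (restrict_segment(id, getuid(), getgid(), 0600) == -1) perror("shmctl");
    void *mem = shmat(id, NULL, 0);
    if (mem == (void *)-1) { perror("shmat"); return 1; }
    /* This process plays both P and Q, so one attach from our PID is expected. */
    printf("unexpected attach: %d\n", unexpected_attach(id, 1, getpid(), getpid()));
    shmdt(mem);
    shmctl(id, IPC_RMID, NULL);
    return 0;
}
```

Polling only sees the current attach count and the most recent attach or detach, so a process that attaches and detaches between polls and is then followed by a legitimate attach leaves no trace in these fields.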