Skip to main content
Information Security

Return to Question

Bumped by Community user
mention kernel.yama.ptrace_scope
Source Link
tobib
tobib
  • 173
  • 4

I need a process to communicate with a child. No other process should be able to listen in on the communication. So far, I am using socketpair() to create two file descriptors and pass one to the child.

Now I learned that /proc/PID/fd/ exists. It contains a symlink for each file descriptor, with the one created by socketpair() looking like this:

/proc/1402/fd/64 -> socket:[8935]

I didn't find an answer to this, so I want to be sure: Can other processes use this symlink to listen in on the communication?

Edit: To prevent processes from reading memory of other processes, I am using kernel.yama.ptrace_scope. My questions is whether there are other ways in which the information could leak.

I need a process to communicate with a child. No other process should be able to listen in on the communication. So far, I am using socketpair() to create two file descriptors and pass one to the child.

Now I learned that /proc/PID/fd/ exists. It contains a symlink for each file descriptor, with the one created by socketpair() looking like this:

/proc/1402/fd/64 -> socket:[8935]

I didn't find an answer to this, so I want to be sure: Can other processes use this symlink to listen in on the communication?

I need a process to communicate with a child. No other process should be able to listen in on the communication. So far, I am using socketpair() to create two file descriptors and pass one to the child.

Now I learned that /proc/PID/fd/ exists. It contains a symlink for each file descriptor, with the one created by socketpair() looking like this:

/proc/1402/fd/64 -> socket:[8935]

I didn't find an answer to this, so I want to be sure: Can other processes use this symlink to listen in on the communication?

Edit: To prevent processes from reading memory of other processes, I am using kernel.yama.ptrace_scope. My questions is whether there are other ways in which the information could leak.

Source Link
tobib
tobib
  • 173
  • 4

Can /proc/PID/fd be used to snoop on anonymous sockets?

I need a process to communicate with a child. No other process should be able to listen in on the communication. So far, I am using socketpair() to create two file descriptors and pass one to the child.

Now I learned that /proc/PID/fd/ exists. It contains a symlink for each file descriptor, with the one created by socketpair() looking like this:

/proc/1402/fd/64 -> socket:[8935]

I didn't find an answer to this, so I want to be sure: Can other processes use this symlink to listen in on the communication?