> >>>>> "AP" == Andrej Presern <andrejp@luz.fe.uni-lj.si> writes:
>
> AP> It makes me wonder if there is a way a process can prevent some
> AP> other process from accessing any of its address space. Not being
> AP> able to do so would open up a potential security hole that would
> AP> enable the superuser to extract the information that is supposed
> AP> to stay private by mmap()ing the address space of an intresting
> AP> process into its own and examining (and possibly modifying) it.
>
> Would people please stop trying to protect a unix system from root?
> Root can patch the kernel on the fly to get around any "protection".
No, actually, with a proper securelevel implimentation root can't.
What happened to the patches for securelevel being a bitmap, and the
ability to chmod /proc/[pid] dirs to hide their processes?
Both of those were quite execlent, and are on my top 10 list.. :)
>
>
> Benny