Really enjoying this series! You got me to start reading the OSTEP book to dig into some related OS concepts - had it on my list for a while. Thank you for writing it!
Thanks for this series! The posts are really interesting and “easy” to read. One question: with the kernel providing the possibility to read or write another process's memory (apparently) so easily, how does security fit in this scheme?
It's a different domain. Debuggers are within the domain of trusted software; if you can't trust any of the code running inside your debugger, you've already lost. Security mechanisms have the job of eliminating untrusted code from existing within this domain at all.
Yeah, that makes sense, thanks! In the example though the debugger creates the debuggee. Is it always the case? Is it possible to attach to an existing process? If that’s the case, can we still assume that we’re in a trusted software situation because the two processes were launched in the same (local) machine?
A long time ago I came across the term 'inferior', which caused confusion at first. It turned out to be just the name gdb gives to the debuggee. It'd be nice if this article, given it's in part a concept clarifier, included that one in the remark about what the process being debugged is known as.
Amazing series, thank you for writing this.