leak.el updated over last paste!
(defvar proclist nil) (defconst number-regexp "-?\\([0-9]+\\.?\\|\\.\\)[0-9]*\\(e[0-9]+\\)?" "Regular expression for recognizing numbers.") (defun lsof () ;; perform lsof and grep for FIFO. start of line - process number. store in list if it is unique (let ((buffer (get-buffer-create "**leakprocess1**"))) (setq proclist nil) (set-buffer buffer) (erase-buffer) (switch-to-buffer "**leakprocess1**") (call-process "lsof" nil t nil "-nFpt") (goto-char (point-min)) (while (< (point) (point-max)) ;; (beginning-of-line) (forward-word 1) (re-search-forward "FIFO" nil t) (setq oldpoint (point)) (re-search-backward "p" nil t) (forward-char 1) (setq proclist (cons (matcher) proclist)) (goto-char oldpoint) ;; (next-line 1) ))) (lsof) (defun leaker() ;; select drip FIFO from list. access FD in proc filesystem (setq string (nth (random (length proclist)) proclist)) (switch-to-buffer "**pool**") ;;read list of file descriptors (setq filename (choose-fd string)) (if (file-regular-p filename) (setq result filename) ;;drip read x characters and write to buffer (insert-file-contents result nil 0 500))) ;; change to randoms for length (let ((buffer (get-buffer-create "**pool**")))) (while 1 (leaker));; update FIFO list and do this at random intervals ;;(insert (format "%s" proclist)) ;;(print proclist) (defun matcher () (let (string) (if (looking-at number-regexp) (goto-char (match-end 0))) (setq string (buffer-substring (match-beginning 0) (point))) (string-to-int string))) ;; should just be string?? (defun choose-fd (stringy) ;; choose from /proc/stringy/fd/n using random (setq attempt (concat "/proc/" (number-to-string stringy) "/fd/")) (if (file-readable-p attempt) (setq number (random (length (directory-files attempt)))) (setq number 0)) (concat "/proc/" (number-to-string stringy) "/fd/" (number-to-string number)))
(defvar proclist nil) (defconst number-regexp "-?\\([0-9]+\\.?\\|\\.\\)[0-9]*\\(e[0-9]+\\)?" "Regular expression for recognizing numbers.") (defun lsof () ;; perform lsof and grep for FIFO. start of line - process number. store in list if it is unique (let ((buffer (get-buffer-create "**leakprocess1**"))) (setq proclist nil) (set-buffer buffer) (erase-buffer) (switch-to-buffer "**leakprocess1**") (call-process "lsof" nil t nil "-nFpt") (goto-char (point-min)) (while (< (point) (point-max)) ;; (beginning-of-line) (forward-word 1) (re-search-forward "FIFO" nil t) (setq oldpoint (point)) (re-search-backward "p" nil t) (forward-char 1) (setq proclist (cons (matcher) proclist)) (goto-char oldpoint) ;; (next-line 1) ))) (lsof) (defun leaker() ;; select drip FIFO from list. access FD in proc filesystem (setq string (nth (random (length proclist)) proclist)) (switch-to-buffer "**pool**") ;;read list of file descriptors (setq filename (choose-fd string)) (if (file-regular-p filename) (setq result filename) ;;drip read x characters and write to buffer (insert-file-contents result nil 0 500))) ;; change to randoms for length (let ((buffer (get-buffer-create "**pool**")))) (while 1 (leaker));; update FIFO list and do this at random intervals ;;(insert (format "%s" proclist)) ;;(print proclist) (defun matcher () (let (string) (if (looking-at number-regexp) (goto-char (match-end 0))) (setq string (buffer-substring (match-beginning 0) (point))) (string-to-int string))) ;; should just be string?? (defun choose-fd (stringy) ;; choose from /proc/stringy/fd/n using random (setq attempt (concat "/proc/" (number-to-string stringy) "/fd/")) (if (file-readable-p attempt) (setq number (random (length (directory-files attempt)))) (setq number 0)) (concat "/proc/" (number-to-string stringy) "/fd/" (number-to-string number)))
1] that we need some kind of wider archictecture rather than just implementing, say, leaking pipes; at the same time still question of a patching of the existent (a typical GNU Linux system, a custom system) and the solely making visible of a promiscuOS toolset.
notion of a geographic filesystem promoted by leaks/pools ideas. data pools forming in specific neighbouring regions of a filesystem.
2] focusing on GNU Emacs as core to a system of pluggability - that leaks could be within buffers - creating pool buffers which can be visited or even piped (if we can wrap up, say, comint-send-region and the like - promiscuous becoming a system), that we can also leak buffers into these pool buffers - such leaks tied to a systematics of process.
example code: zone.el which makes use of timers, calling functions/actions randomly and operations on buffers.
3] also scsh would be nice but although emerges fine, www.scsh.net is not accessible.
4] In GNU Emacs:
a) Networked and environmentally active self display. Generation of code and data rather than response to input.
b) All process memory is readable and writable by any process or user. There is no hierarchy, no model of secure computing. Self display code will exploit this feature.
c) The ability to generate, disperse and run mobile code between machines.
d) Supreme pluggability - small apps can plug themselves together within a Unix model or a la Pd (but not in such graphic manner).
e) In relation to pluggability leaky streams rather than static segregated files - advance Unix model with new command line operations (spray, leak with level options specified).
Information hiding. The kernel exports information (through /proc/pid/maps, for example) which can be highly useful to attackers... So restricting access to that information improves the security of the system.
/dev/mem is used primarily by root kits. About the only legitimate user is the X server, which uses /dev/mem for access to the frame buffer. Read access to /dev/mem is an information leak, and there is no reason for allowing write access to kernel memory at all.
From: Kernel Summit 2005: The ExecShield patches