> Two programs running under same user can’t by default read each other’s memory.

'gdb -p $pid' works fine for me on linux as a non-root user for another pid of the same user, and that sure lets me read all memory. I think /proc/$pid/mem works fine too, right?

'ReadProcessMemory' works fine as an unprivileged user on windows I _thought_, at least I know it did last time I used it. That was years ago.

No clue about macOS.

I assume most people on hacker news are using linux though, so that's the one that's relevant.

> I assume most people on hacker news are using linux though, so that's the one that's relevant.

I'd wager a beer that MacOS is the dominant OS. Followed by Windows. Followed by Linux.

On Linux you can prevent being ptrace'd or having your core dumped by setting PR_SET_DUMPABLE in prctl. I've seen this used in places you'd expect like ssh-agent and GNOME's Keyring password manager.

Ctrl-f for 'PR_SET_DUMPABLE' in the manpages:

- https://man7.org/linux/man-pages/man2/prctl.2.html

- https://man7.org/linux/man-pages/man2/ptrace.2.html

> 'gdb -p $pid' works fine for me on linux as a non-root user for another pid of the same user

I believe this requires `kernel.yama.ptrace_scope` to be set to 0, which is not the default in most distros? Or gdb to be granted specific capability, which I don't think is done by default either.

What distribution is that on? At least Ubuntu has had ptrace capabilities restricted to superuser processes and descendants for many years now, as far as I can remember.

/proc/$pid/mem access needs ptrace permissions as well and accordingly follows the same rules.