Should kmem be read to the world?
Karl Kleinpaste
karl at giza.cis.ohio-state.edu
Tue Jun 27 05:37:07 AEST 1989
mb at rex.cs.tulane.edu writes:
We just noticed that w does not work. It returns the message "no kmem".
Should /dev/kmem be made readable to the world or will that cause
security problems?
That will cause security problems; the intelligent cracker will learn
all kinds of fascinating things by reading /dev/kmem.
We define a group "devkmem" with no members, and then chgrp all memory
devices to this group, and in turn chgrp and chmod g+s all the
memory-reading programs (ps, w, top, etc) so that they retain their
well-behaved access.
--Karl
More information about the Comp.sys.pyramid
mailing list