Kmem security (was: Re: How do you make your UNIX crash ???)

Chris Torek torek at elf.ee.lbl.gov
Wed Mar 27 05:28:01 AEST 1991


In article <1991Mar26.113637.24279 at lth.se> magnus at thep.lu.se
(Magnus Olsson) writes:
>Seriously, I thought the entire virtual memory of the machine was
>accessible through /dev/kmem. Why isn't login's address space?

(NB: the following are generalisations that may not apply to your
particular Unix system.)

/dev/kmem gives access to kernel virtual address space.  If login's
address space happens to be mapped in to kernel virtual space at
the time, it could be found there.  If not, it could not.

/dev/mem gives access to physical memory.  In conjunction with
/dev/kmem, this can be used to locate any in-core pages of any
process.  (First one reads the mapping structures from the kernel,
in order to locate the page locators, then one reads the locators,
then the pages.  The total number of indirections involved is
machine- and implementation-dependent.)

The /proc file system, where it exists, gives access to the virtual
address spaces of individual processes.  This is an interesting place
to find covert channels (want to read kernel memory? run a setgid-kmem
program and open its /proc file, if the system permits).
-- 
In-Real-Life: Chris Torek, Lawrence Berkeley Lab CSE/EE (+1 415 486 5427)
Berkeley, CA		Domain:	torek at ee.lbl.gov
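The three access paths the post describes (/dev/kmem, /dev/mem, and setgid-kmem programs reached through /proc) are what an administrator audits. The script below is an added example, not code from the post; it assumes a Unix where /dev/mem and /dev/kmem are character devices guarded by a group named "kmem" (the group name is an assumption, overridable with KMEM_GROUP), and that ls -l prints the usual "mode links owner group" layout.

```shell
#!/bin/sh
# Added audit example (not from the original post). Assumed: device nodes
# /dev/mem and /dev/kmem, privileged access granted via group "kmem".
KMEM_GROUP=${KMEM_GROUP:-kmem}

# Classify one "ls -l" line for a device node and print a verdict:
#   world-accessible   "other" can read or write: anyone can read kernel memory
#   group-readable:G   group G can read it, so membership in G is the boundary
#   owner-only         only the owner (normally root) can read it
classify_ls_line() {
    set -- $1                  # split fields: $1=mode $2=links $3=owner $4=group
    mode=${1%[+@.]}            # drop a trailing ACL/xattr marker some ls print
    group=$4
    case "$mode" in
        ???????r??|????????w?) echo "world-accessible" ;;
        ????r?????|?????w????) echo "group-readable:$group" ;;
        *)                     echo "owner-only" ;;
    esac
}

# Live audit: device node modes, who is in the kmem group, and every
# setgid-kmem program (each one is a kernel-memory reader that any user
# able to run it, or to open its /proc entry, may be able to exploit).
audit_kmem_interfaces() {
    for dev in /dev/mem /dev/kmem; do
        if [ -e "$dev" ]; then
            printf '%s: %s\n' "$dev" "$(classify_ls_line "$(ls -lL "$dev")")"
        else
            printf '%s: not present\n' "$dev"
        fi
    done
    members=$(grep "^$KMEM_GROUP:" /etc/group 2>/dev/null | cut -d: -f4)
    printf 'members of group %s: %s\n' "$KMEM_GROUP" "${members:-(none or group absent)}"
    echo "setgid-$KMEM_GROUP programs:"
    find / -xdev -type f -perm -2000 -group "$KMEM_GROUP" 2>/dev/null
}

# Only walk the filesystem when explicitly asked: sh audit.sh run
if [ "${1:-}" = "run" ]; then
    audit_kmem_interfaces
fi
```

A world-accessible verdict on /dev/kmem or /dev/mem means the indirection chain the post describes is open to every local user; a group-readable verdict moves the question to who is in that group and which setgid programs carry it.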