Kmem security (was: Re: How do you make your UNIX crash ???)
Dumpmaster John
jco at crane.cis.ufl.edu
Tue Mar 19 02:20:18 AEST 1991
In article <9103152251.41 at rmkhome.UUCP> rmk at rmkhome.UUCP (Rick Kelly) writes:
When anyone logs in, even root, login has to decrypt
^^^^^^^
Excuse me? Since when does it decrypt the password? Read Password
Security: A case history encryption computing by Robert Morris, and Ken
Thompson.
the password in /etc/password to compare it to the password typed it. This
password in memory lays around for a while. It is extremely easy to grab
passwords out of kmem, and match them to ANY user, including root.
Now what the person typed is in memory so you could grab that and be useful.
later
jco
--
"BSD the strongest Operating System avaible today without a prescription."
John C. Orthoefer Internet: jco at smuggler.cis.ufl.edu
University of Florida Floyd Mailing List: eclipse-request at reef.cis.ufl.edu
CIS Department >>>>>>New Address<<<<<<-------------^^^^
More information about the Comp.unix.admin
mailing list