Kmem security (was: Re: How do you make your UNIX crash ???)
Magnus Olsson
magnus%thep.lu.se at Urd.lth.se
Tue Mar 26 21:36:37 AEST 1991
In article <601 at minya.UUCP> jc at minya.UUCP (John Chambers) writes:
>In article <1991Mar18.153201.23325 at lth.se>, magnus%thep.lu.se at Urd.lth.se (Magnus Olsson) writes:
>> That doesn't mean, of course, that you can't get passwords from /dev/kmem -
>> login has to keep the entered password somewhere before it encrypts it!
>
>Sorry, but this is bogus.
>
>True, login has to keep the password somewhere, but that somewhere isn't
>in /dev/kmem; it is in login's address space.
>
>What is true is that it has to get it from somewhere, and it does that via
>a read(), meaning that the somewhere it gets it from is inside /dev/kmem.
>
>[Picky, picky, picky! ;-]
To be *really* picky, I didn't say that login *did* keep passwords in /dev/kmem,
but only that it wasn't necessarily true that it didn't. :-)
Seriously, I thought the entire virtual memory of the machine was accessible
through /dev/kmem. Why isn't login's address space?
Magnus Olsson | \e+ /_
Dept. of Theoretical Physics | \ Z / q
University of Lund, Sweden | >----<
Internet: magnus at thep.lu.se | / \===== g
Bitnet: THEPMO at SELDC52 | /e- \q
More information about the Comp.unix.admin
mailing list