Kmem security (was: Re: How do you make your UNIX crash ???)

Rick Kelly rmk at rmkhome.UUCP
Thu Mar 21 06:43:00 AEST 1991


In article <1991Mar18.153201.23325 at lth.se> magnus at thep.lu.se (Magnus Olsson) writes:
>In article <9103152251.41 at rmkhome.UUCP> rmk at rmkhome.UUCP (Rick Kelly) writes:
>>When anyone logs in, even root, login has to decrypt
>>the password in /etc/password to compare it to the password typed in.  This
>>password in memory lays around for a while.  It is extremely easy to grab
>>passwords out of kmem, and match them to ANY user, including root.
>
>Sorry, but this is bogus.
>
>login does *not* have to decrypt the password from /etc/passwd - indeed,
>I don't think there's any way it could do that! (The encryption function
>is not invertible - several different passwords can have the same
>encrypted form). Instead, it encrypts the typed-in password and compares
>it to the one in /etc/passwd.
>
>That doesn't mean, of course, that you can't get passwords from /dev/kmem -
>login has to keep the entered password somewhere before it encrypts it!


You're right.  I typed without thinking.

However, I have used standard UNIX commands to find the password that a user
typed in at the prompt.  It's trivial.


Rick Kelly	rmk at rmkhome.UUCP	frog!rmkhome!rmk	rmk at frog.UUCP
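The comparison Magnus describes, written out as an added example (not code from either poster and not the real login(1) source): the stored entry holds only the one-way result, verification hashes what was typed and compares, and the plaintext buffer is overwritten as soon as the comparison is done. PBKDF2-HMAC-SHA256 stands in for the classic crypt(3) function here purely because it ships with hashlib; the salt, iteration count, and sample password are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed parameters: a stand-in for crypt(3). Like DES-based crypt(),
# PBKDF2 is one-way, so the stored digest cannot be turned back into the
# password; the only way to check a login is to hash the typed text again.
ITERATIONS = 100_000


def make_entry(password: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Build what /etc/passwd keeps: a salt and the one-way digest, never the password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)
    return salt, digest


def verify(typed: bytearray, salt: bytes, stored_digest: bytes) -> bool:
    """Hash the typed password and compare it to the stored digest.

    There is no decryption step. The caller passes a mutable bytearray so the
    plaintext can be zeroed before this function returns, which shortens the
    window in which the password sits in process memory (the kmem concern in
    the thread). Note the honest limit: hashlib needs an immutable bytes copy,
    and Python gives no way to scrub that copy, so some plaintext still exists
    until the garbage collector frees it. In C the login program can memset()
    its buffer directly and avoid the copy.
    """
    try:
        candidate = hashlib.pbkdf2_hmac("sha256", bytes(typed), salt, ITERATIONS)
        # Constant-time compare so timing does not leak how many bytes matched.
        return hmac.compare_digest(candidate, stored_digest)
    finally:
        # Overwrite the caller's buffer regardless of outcome.
        for i in range(len(typed)):
            typed[i] = 0


if __name__ == "__main__":
    # Constructed sample: a stored entry and one login attempt.
    salt, digest = make_entry(b"correct horse")
    attempt = bytearray(b"correct horse")
    print("login ok:", verify(attempt, salt, digest))
    print("buffer after verify:", bytes(attempt))
```

The buffer scrub is the part worth copying: whether the check succeeds or fails, the typed password is gone from the caller's buffer when verify() returns.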
