Kmem security (was: Re: How do you make your UNIX crash ???)
Rick Kelly
rmk at rmkhome.UUCP
Sat Mar 16 19:10:00 AEST 1991
In article <1991Mar13.180300.17697 at convex.com> tchrist at convex.COM (Tom Christiansen) writes:
>From the keyboard of cjc at ulysses.att.com (Chris Calabrese):
>:Allowing any access to /dev/kmem is asking for trouble.
>:It's possible to become root on a system which
>:has a readable /dev/kmem without too much trouble.
>
>With just read access? How do you do that? I can understand
>being able to read other people's data, but I really don't know
>how you would use this to become the superuser. Reading su passwds?
>This is much harder in raw mode.

Think about it. Look at the UNIX tools you have available. Consider the fact
that /dev/kmem is a file. When anyone logs in, even root, login has to decrypt
the password in /etc/password to compare it to the password typed in. This
password in memory lies around for a while. It is extremely easy to grab
passwords out of kmem, and match them to ANY user, including root.
Rick Kelly rmk at rmkhome.UUCP frog!rmkhome!rmk rmk at frog.UUCP
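
A defensive check that follows from this thread, as an added example that is not part of the original posts: it audits the kernel-memory device nodes for read or write access by "other". The function names are hypothetical, and the 0640 root-plus-dedicated-group layout it treats as acceptable is an assumed convention, not something stated in the thread.

```shell
#!/bin/sh
# Added example: audit kernel-memory device nodes for access by "other".
# Assumed convention: owner root, a dedicated group (often kmem), mode 0640,
# so only set-group-ID tools such as ps can read the node.

# mem_node_exposure PATH
# Prints "missing", "ok" or "exposed:<bits>"; returns 1 only when exposed.
mem_node_exposure() {
    node=$1
    if [ ! -e "$node" ]; then
        echo "missing"
        return 0
    fi
    # First field of ls -ld: one type character, then nine permission characters.
    mode=$(ls -ld "$node" | awk '{print $1}')
    other_r=$(printf '%s' "$mode" | cut -c8)
    other_w=$(printf '%s' "$mode" | cut -c9)
    found=""
    [ "$other_r" = "r" ] && found="other-read"
    if [ "$other_w" = "w" ]; then
        found="${found:+$found,}other-write"
    fi
    if [ -n "$found" ]; then
        echo "exposed:$found"
        return 1
    fi
    echo "ok"
    return 0
}

# audit_mem_nodes [PATH...]
# Checks the given nodes (default: /dev/kmem /dev/mem).
# Prints one line per node; the return status is the number of exposed nodes.
audit_mem_nodes() {
    [ $# -eq 0 ] && set -- /dev/kmem /dev/mem
    bad=0
    for n in "$@"; do
        result=$(mem_node_exposure "$n") || bad=$((bad + 1))
        echo "$n: $result"
    done
    return "$bad"
}
```

Source the file and run `audit_mem_nodes` with no arguments to check the default nodes; a nonzero status means at least one node is accessible to every local user.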