Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cs.utexas.edu!uunet!ficc!peter
From: peter@ficc.ferranti.com (Peter da Silva)
Newsgroups: comp.unix.questions
Subject: Re: Can the output to a terminal be monitored?
Message-ID: <AO.3TW4@xds13.ferranti.com>
Date: 12 Jun 90 13:31:29 GMT
References: <2784@syma.sussex.ac.uk> <270@demott.COM> <1990Jun3.011111.1589@virtech.uucp> <509@al.ele.tue.nl>
Reply-To: peter@ficc.ferranti.com (Peter da Silva)
Organization: Xenix Support, FICC
Lines: 18

In article <509@al.ele.tue.nl> raymond@ele.tue.nl (Raymond Nijssen) writes:
> Then, you can run a program acting as a spy. These programs
> are used by crackers, and it's quite easy for them, since /dev/kmem is
> world readable on most unix systems,

I hope not. It's never been on any system I've used.

> for this is necessary for commands
> like ps, which examines lots of kernels buffers also.

cr--r-----   1 sys      sys         2,  1 Feb  6  1989 /dev/kmem
-r-xr-sr-x   1 root     sys         21494 Feb  6  1989 /bin/ps

> Nevertheless, it should still be considered as a security hole, and I 
> wonder if it has been fixed in rel. 4.

It's been fixed in Rel 3, Rel 2, Rel 0, System III, and V7. I'd check on
our Suns, too, but they seem to be making trouble for TCP/IP.
-- 
`-_-' Peter da Silva. +1 713 274 5180.  <peter@ficc.ferranti.com>
 'U`  Have you hugged your wolf today?  <peter@sugar.hackercorp.com>
@FIN  Dirty words: Zhghnyyl erphefvir vayvar shapgvbaf.