Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!magnus.acs.ohio-state.edu!tut.cis.ohio-state.edu!ucbvax!ulysses!ulysses.att.com!cjc
From: cjc@ulysses.att.com (Chris Calabrese)
Newsgroups: comp.unix.admin
Subject: Kmem security (was: Re: How do you make your UNIX crash ???)
Message-ID: <14454@ulysses.att.com>
Date: 13 Mar 91 14:11:03 GMT
References: <690@tndsyd.oz.au> <513@bria> <1991Mar12.132003.27383@cs.widener.edu>
Sender: netnews@ulysses.att.com
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 22

brendan@cs.widener.edu (Brendan Kehoe) writes:
>In <513@bria>, uunet!bria!mike writes:
>>In an article, tndsyd.oz.au!berny (Berny Goodheart) writes:
>>>I am interested in finding out known ways to make your version of UNIX
>>>crash.
>>	if ( (fd = open("/dev/kmem",O_RDWR)) == -1 )
>
>   If your sysadmin (much less the vendor itself) left /dev/kmem world
>   WRITABLE, they're begging for this kind of thing. Readable, possibly;
>   writable, c'mon.

Allowing any access to /dev/kmem is asking for trouble.
It's possible to become root on a system which
has a readable /dev/kmem without too much trouble.
After that, it's all over.
If you want certain programs to access kmem (ps, top, etc),
make them sgid to group kmem and make kmem readable to group kmem.

Name:			Christopher J. Calabrese
Brain loaned to:	AT&T Bell Laboratories, Murray Hill, NJ
att!ulysses!cjc		cjc@ulysses.att.com
Obligatory Quote:	``pher - gr. vb. to schlep.  phospher - to schlep light.philosopher - to schlep thoughts.''