Path: utzoo!news-server.csri.toronto.edu!rpi!usc!samsung!crackers!cpoint!frog!rmkhome!rmk
From: rmk@rmkhome.UUCP (Rick Kelly)
Newsgroups: comp.unix.admin
Subject: Re: Kmem security (was: Re: How do you make your UNIX crash ???)
Message-ID: <9103152251.41@rmkhome.UUCP>
Date: 16 Mar 91 09:10:00 GMT
References: <513@bria> <1991Mar12.132003.27383@cs.widener.edu> <14454@ulysses.att.com> <1991Mar13.180300.17697@convex.com>
Reply-To: rmk@rmkhome.UUCP (Rick Kelly)
Organization: The Man With Ten Cats
Lines: 22

In article <1991Mar13.180300.17697@convex.com> tchrist@convex.COM (Tom Christiansen) writes:
>From the keyboard of cjc@ulysses.att.com (Chris Calabrese):
>:Allowing any access to /dev/kmem is asking for trouble.
>:It's possible to become root on a system which
>:has a readable /dev/kmem without too much trouble.
>
>With just read access?  How do you do that?  I can understand
>being able to read other people's data, but I really don't know
>how you would use this to become the superuser.  Reading su passwds?
>This is much harder in raw mode.

Think about it.  Look at the UNIX tools you have available.  Consider the
fact that /dev/kmem is a file.  When anyone logs in, even root, login has
to decrypt the password in /etc/password to compare it to the password
typed in.  This password in memory lies around for a while.  It is
extremely easy to grab passwords out of kmem, and match them to ANY user,
including root.

Rick Kelly	rmk@rmkhome.UUCP	frog!rmkhome!rmk	rmk@frog.UUCP
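The thread's point is that read access to /dev/kmem by anyone but root is a problem. As an added example that is not part of the original thread, the following script audits the mode bits and ownership of the conventional memory device nodes (the paths are an assumption about a typical Unix layout) and reports any read or write access granted beyond the owner.

```python
"""Audit permissions on kernel-memory device nodes.

Added example, not from the original posting. Reports which memory
device nodes grant read or write access to anyone other than root.
"""
import os
import stat
from typing import Dict, List

# Assumption: conventional device paths; absent nodes are skipped.
MEMORY_DEVICES = ("/dev/kmem", "/dev/mem", "/dev/port")


def assess_mode(mode: int, uid: int, gid: int) -> List[str]:
    """Return findings for a node with the given permission bits and owner.

    An empty list means only the owner (expected: root) can access it.
    """
    findings = []
    if uid != 0:
        findings.append(f"owned by uid {uid}, expected root")
    if mode & stat.S_IROTH:
        findings.append("world-readable: any local user can read kernel memory")
    if mode & stat.S_IRGRP:
        findings.append(f"group-readable by gid {gid}: every member can read kernel memory")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by non-owner: kernel memory can be modified")
    return findings


def audit_devices(paths=MEMORY_DEVICES) -> Dict[str, List[str]]:
    """Stat each existing node and collect its findings, keyed by path."""
    report = {}
    for path in paths:
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            continue  # e.g. modern Linux builds ship no /dev/kmem at all
        if not stat.S_ISCHR(st.st_mode):
            report[path] = ["not a character device: possible tampering"]
            continue
        report[path] = assess_mode(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return report


if __name__ == "__main__":
    for path, findings in audit_devices().items():
        print(f"{path}: {'; '.join(findings) if findings else 'OK'}")
```

A BSD-style `root:kmem` node with mode 0640 is reported as group-readable so the operator can decide whether that group's membership is acceptable.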