Path: utzoo!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!uflorida!bikini!jco
From: jco@crane.cis.ufl.edu (Dumpmaster John)
Newsgroups: comp.unix.admin
Subject: Re: Kmem security (was: Re: How do you make your UNIX crash ???)
Message-ID:
Date: 18 Mar 91 16:20:18 GMT
References: <513@bria> <1991Mar12.132003.27383@cs.widener.edu> <14454@ulysses.att.com> <1991Mar13.180300.17697@convex.com> <9103152251.41@rmkhome.UUCP>
Sender: news@uflorida.cis.ufl.EDU
Organization: /cis/santa0/jco/.organization
Lines: 29
In-reply-to: rmk@rmkhome.UUCP's message of 16 Mar 91 09:10:00 GMT

In article <9103152251.41@rmkhome.UUCP> rmk@rmkhome.UUCP (Rick Kelly) writes:

> When anyone logs in, even root, login has to decrypt
                                               ^^^^^^^
Excuse me?  Since when does it decrypt the password?  Read Password
Security: A case history encryption computing by Robert Morris, and
Ken Thompson.

> the password in /etc/password to compare it to the password typed in.
> This password in memory lays around for a while.  It is extremely easy
> to grab passwords out of kmem, and match them to ANY user, including root.

Now what the person typed is in memory so you could grab that and be useful.

later
jco
--
"BSD the strongest Operating System available today without a prescription."
John C. Orthoefer       Internet: jco@smuggler.cis.ufl.edu
University of Florida   Floyd Mailing List: eclipse-request@reef.cis.ufl.edu
CIS Department          >>>>>>New Address<<<<<<-------------^^^^
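
Added example, not part of the original article and not the code of any real login program: a sketch of hash-and-compare password checking, in which the only cleartext in memory is what the user typed, and that buffer is overwritten after use. Assumptions: PBKDF2-HMAC-SHA256 stands in for crypt(3), and the names `make_entry` and `check_login` are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 as a stand-in for crypt(3).
ITERATIONS = 100_000


def make_entry(password):
    """Return (salt, hash) as kept in the password file. There is no inverse."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)


def check_login(typed, salt, stored):
    """Hash what was typed with the stored salt and compare; nothing is decrypted.

    `typed` must be a mutable bytearray. It is the only cleartext secret in
    memory, so it is overwritten before returning, on success or failure.
    """
    try:
        candidate = hashlib.pbkdf2_hmac("sha256", typed, salt, ITERATIONS)
        # Constant-time comparison of the two hashes.
        return hmac.compare_digest(candidate, stored)
    finally:
        # Best effort: zero the caller's buffer in place. The interpreter may
        # hold other copies; a C program would zero its input buffer directly.
        typed[:] = bytes(len(typed))


if __name__ == "__main__":
    salt, stored = make_entry(b"correct horse")   # constructed sample password
    attempt = bytearray(b"correct horse")
    print(check_login(attempt, salt, stored), attempt)
```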