Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!uupsi!sunic!lth.se!newsuser
From: magnus%thep.lu.se@Urd.lth.se (Magnus Olsson)
Newsgroups: comp.unix.admin
Subject: Re: Kmem security (was: Re: How do you make your UNIX crash ???)
Message-ID: <1991Mar18.153201.23325@lth.se>
Date: 18 Mar 91 15:32:01 GMT
References: <513@bria> <1991Mar12.132003.27383@cs.widener.edu> <14454@ulysses.att.com> <1991Mar13.180300.17697@convex.com> <9103152251.41@rmkhome.UUCP>
Sender: newsuser@lth.se (LTH network news server)
Reply-To: magnus@thep.lu.se (Magnus Olsson)
Organization: Theoretical Physics, Lund university, Sweden
Lines: 23

In article <9103152251.41@rmkhome.UUCP> rmk@rmkhome.UUCP (Rick Kelly) writes:
>When anyone logs in, even root, login has to decrypt
>the password in /etc/password to compare it to the password typed in. This
>password in memory lays around for a while. It is extremely easy to grab
>passwords out of kmem, and match them to ANY user, including root.

Sorry, but this is bogus. login does *not* have to decrypt the password
from /etc/passwd - indeed, I don't think there's any way it could do that!
(The encryption function is not invertible - several different passwords
can have the same encrypted form). Instead, it encrypts the typed-in
password and compares it to the one in /etc/passwd.

That doesn't mean, of course, that you can't get passwords from /dev/kmem -
login has to keep the entered password somewhere before it encrypts it!

Magnus Olsson                   |  \e+   /_
Dept. of Theoretical Physics    |   \  Z  / q
University of Lund, Sweden      |    >----<
Internet: magnus@thep.lu.se     |   /  \===== g
Bitnet: THEPMO@SELDC52          |  /e-    \q