Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!uakari.primate.wisc.edu!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!ira.uka.de!fauern!NewsServ!tritsche
From: tritsche@Informatik.TU-Muenchen.DE (Stefan Tritscher)
Newsgroups: comp.unix.admin
Subject: Re: Kmem security (was: Re: How do you make your UNIX crash ???)
Message-ID: <1991Mar20.171221.19709@Informatik.TU-Muenchen.DE>
Date: 20 Mar 91 17:12:21 GMT
References: <14454@ulysses.att.com> <1991Mar13.180300.17697@convex.com> <9103152251.41@rmkhome.UUCP>
Sender: news@Informatik.TU-Muenchen.DE
Organization: Technische Universitaet Muenchen, Germany
Lines: 30

In article <9103152251.41@rmkhome.UUCP> rmk@rmkhome.UUCP (Rick Kelly) writes:
|In article <1991Mar13.180300.17697@convex.com> tchrist@convex.COM (Tom Christiansen) writes:
|>From the keyboard of cjc@ulysses.att.com (Chris Calabrese):
|>:Allowing any access to /dev/kmem is asking for trouble.
|>:It's possible to become root on a system which
|>:has a readable /dev/kmem without too much trouble.
|>
|>With just read access? How do you do that? I can understand
|>being able to read other people's data, but I really don't know
|>how you would use this to become the superuser. Reading su passwds?
|>This is much harder in raw mode.
|
|Think about it. Look at the UNIX tools you have available. Consider the fact
|that /dev/kmem is a file. When anyone logs in, even root, login has to decrypt
|the password in /etc/password to compare it to the password typed in. This
|password in memory lies around for a while. It is extremely easy to grab
|passwords out of kmem, and match them to ANY user, including root.
|

NO - NO - NO

Think about it. If login could decrypt a password then everyone could do that
too. Passwords cannot be decrypted. Login ENcrypts the password from the user
and compares it with the ENcrypted password in the password file.

|
|Rick Kelly rmk@rmkhome.UUCP frog!rmkhome!rmk rmk@frog.UUCP
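The verification flow Stefan describes, as an added example that is not part of any post in this thread: the stored password field holds only a one-way transform, and checking a login means re-running that transform on what the user typed and comparing the results. A 1991 login(1) did this with crypt(3) and the 13-character field in /etc/passwd; this example substitutes PBKDF2-HMAC-SHA256 (an assumption, chosen so the code runs anywhere with the Python standard library) and a constructed "user:salt$hash" entry format that stands in for the real passwd line. Note that there is no decrypt function anywhere, because none can exist.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed stand-in for crypt(3): PBKDF2-HMAC-SHA256 with a fixed iteration count.
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way transform of a password. This is the only direction that exists."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_entry(user: str, password: str, salt: Optional[bytes] = None) -> str:
    """Build a constructed password-file line "user:salt_hex$hash_hex".

    This mimics what passwd(1) does when a password is set: the cleartext is
    transformed once and only the result is written to the file.
    """
    salt = os.urandom(16) if salt is None else salt
    return f"{user}:{salt.hex()}${hash_password(password, salt).hex()}"


def verify(entry: str, typed: str) -> bool:
    """What login does: transform the typed password the same way and compare.

    The stored value is never turned back into a cleartext; the candidate is
    pushed forward through the same one-way function instead.
    """
    _user, field = entry.split(":", 1)
    salt_hex, stored_hex = field.split("$", 1)
    candidate = hash_password(typed, bytes.fromhex(salt_hex))
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(stored_hex))


def check_login(entries: list, user: str, typed: str) -> bool:
    """Look up a user in a constructed password file and verify the typed password."""
    for entry in entries:
        if entry.split(":", 1)[0] == user:
            return verify(entry, typed)
    return False


# Constructed sample password file: fixed salts so the hashes are reproducible.
SAMPLE_PASSWD = [
    make_entry("root", "correct horse", salt=bytes(16)),
    make_entry("stefan", "battery staple", salt=bytes([1] * 16)),
]

if __name__ == "__main__":
    for line in SAMPLE_PASSWD:
        print(line)  # only salt and hash are on disk; no cleartext
    print(check_login(SAMPLE_PASSWD, "root", "correct horse"))  # True
    print(check_login(SAMPLE_PASSWD, "root", "wrong"))          # False
```

The stored line for root contains no cleartext to recover, which is the point of the reply: a tool that had read access to the file, or to the memory holding it, would still have to guess passwords and push each guess through `hash_password` rather than "decrypt" anything.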