Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!ucsd!dog.ee.lbl.gov!elf.ee.lbl.gov!torek
From: torek@elf.ee.lbl.gov (Chris Torek)
Newsgroups: comp.unix.admin
Subject: Re: Kmem security (was: Re: How do you make your UNIX crash ???)
Message-ID: <11315@dog.ee.lbl.gov>
Date: 22 Mar 91 08:35:34 GMT
References: <513@bria> <1991Mar12.132003.27383@cs.widener.edu> <1991Mar18.153201.23325@lth.se> <601@minya.UUCP>
Reply-To: torek@elf.ee.lbl.gov (Chris Torek)
Organization: Lawrence Berkeley Laboratory, Berkeley
Lines: 27
X-Local-Date: Fri, 22 Mar 91 00:35:34 PST

In article <601@minya.UUCP> jc@minya.UUCP (John Chambers) writes:
>There have been some claims that getting passwords from the kernel is
>"easy". I'd like to see an example of how easy it is. It strikes me
>as being not very easy at all.

It is not `easy' in the sense of being trivial, but it is not all that
difficult, either: back in the days of 4.1BSD, at the University of
Maryland, we had a student% who wrote a little `kmem reading' program
that scanned clists.

>The serial-port clists are especially tricky to read out of kmem,
>because the data structures change so fast.

The forementioned program did exactly that, with a success rate running
around 80 to 90 percent. That is, it usually lost 1 or 2 out of every
ten characters.

>Note that I'm not saying it can't be done; I'm just questioning how
>easy it is to get anything useful this way.

Said student certainly got a number of useful tidbits... plus a number
of wrist-slappings. :-)

-----
% No, it was not me. *My* days were in high school. :-)
-- 
In-Real-Life: Chris Torek, Lawrence Berkeley Lab CSE/EE (+1 415 486 5427)
Berkeley, CA    Domain: torek@ee.lbl.gov