Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!snorkelwacker.mit.edu!bloom-beacon!ora!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.unix.admin
Subject: Re: Kmem security (was: Re: How do you make your UNIX crash ???)
Message-ID: <638@minya.UUCP>
Date: 3 Apr 91 02:19:52 GMT
References: <513@bria> <1991Mar12.132003.27383@cs.widener.edu> <1991Mar24.203327.18426@ttank.ttank.com>
Distribution: usa
Lines: 50

In article <1991Mar24.203327.18426@ttank.ttank.com>, tts@ttank.ttank.com (Karl Bunch) writes:
> In <601@minya.UUCP> jc@minya.UUCP (John Chambers) writes:
> >There have been some claims that getting passwords from the kernel is
> >"easy". I'd like to see an example of how easy it is. It strikes me
> >as being not very easy at all. Well, sure, I can read all of kmem into..
>
> Try this.. Login as root:
>
> time strings /dev/kmem | grep rootpassword | wc -l
>
> You'll be surprised.

I tried it; I wasn't at all surprised. It gave me no output at all.
What was it supposed to do? This is a Sys/V.3 system. I tried it on
some BSD and Ultrix and Sun systems at work, and got nothing from any
of them, either.

I also tried just the "strings /dev/kmem"; it gave me a few strings,
but nothing that was even vaguely recognizable as a password. I didn't
see the root password anywhere, although I'd just done a "su - root".

I also decided to try "strings /dev/mem". This time I was surprised.
The system hung, and had to be rebooted. Such a pity, too; this system
was heading for some sort of record, since the last boot was some time
late in November. Who ever heard of a Unix system (especially one owned
by a notorious Unix hacker ;-) surviving so long?

Anyone know why feeding /dev/mem to strings should crash a system? This
seems rather demented to me. But it does get us back to the original
topic.

> Safer would be:
> strings /dev/kmem | tr ' ' '^J' | sort -u | more
> and do a /rootpassword

OK; that didn't crash the system; I just got a few random-looking
strings, followed by:

	/rootpassword: Command not found.

What was it supposed to do? Maybe I'm not a real Unix hacker, after
all; I haven't even heard of a "rootpassword" command. Am I missing
something good? I also looked around on some of the BSD and Ultrix
systems at work, and there was nothing called "rootpassword" anywhere
in any of their filesystems.

It seems I'm missing something somewhere. Nothing here has turned up
even a single password, root or otherwise. And it was supposed to be
so easy...

--
All opinions Copyright (c) 1991 by John Chambers. Inquire for licensing at:
Home: 1-617-484-6393
Work: 1-508-486-5475
Uucp: ...!{bu.edu,harvard.edu,ima.com,eddie.mit.edu,ora.com}!minya!jc