Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!masscomp!think.com!sdd.hp.com!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!pacbell.com!pacbell!ptsfa!dmturne
From: dmturne@PacBell.COM (Dave Turner)
Newsgroups: comp.unix.admin
Subject: Re: Kmem security (was: Re: How do you make your UNIX crash ???)
Message-ID: <6093@ptsfa.PacBell.COM>
Date: 4 Apr 91 20:24:46 GMT
References: <513@bria> <1991Mar12.132003.27383@cs.widener.edu> <1991Mar24.203327.18426@ttank.ttank.com> <638@minya.UUCP>
Reply-To: dmturne@PacBell.COM (Dave Turner)
Distribution: usa
Organization: Pacific * Bell, San Ramon, CA
Lines: 25

In article <638@minya.UUCP> jc@minya.UUCP (John Chambers) writes:
.In article <1991Mar24.203327.18426@ttank.ttank.com>, tts@ttank.ttank.com (Karl Bunch) writes:
.> In <601@minya.UUCP> jc@minya.UUCP (John Chambers) writes:
.> >There have been some claims that getting passwords from the kernel is
.> >"easy". I'd like to see an example of how easy it is. It strikes me
.> >as being not very easy at all. Well, sure, I can read all of kmem into..
.>
.> Try this.. Login as root:
.>
.>     time strings /dev/kmem | grep rootpassword | wc -l
.>
.> You'll be surprised.
.
.I tried it; I wasn't at all surprised. It gave me no output at all.
.What was it supposed to do? This is a Sys/V.3 system. I tried it

I'd be surprised if at least one user didn't learn your rootpassword by
typing a ps (ps -ef on system v) while you were running this command.

The security exposure of running a grep with root's clear password is
much greater than someone getting it from /dev/kmem.

--
Dave Turner	415/823-2001	{att,bellcore,sun,ames,decwrl}!pacbell!dmturne
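
The exposure described in the post above, as an added example that is not part of the original message: a pattern given to grep as an argument appears in the process listing, while the same pattern read from a private file with `grep -f` does not. `SECRET` is a constructed sample value, and the function names and the Linux `/proc` lookup are assumptions of this example.

```shell
# Added example, not from the original post. SECRET is a constructed sample.
SECRET='Constructed-Sample-Pw1'

# Report one field (comm or args) for PID $1. On Linux this reads /proc,
# the same data ps prints; elsewhere it falls back to ps itself.
proc_field() {
    if [ "$2" = comm ] && [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    elif [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o "$2=" -p "$1" 2>/dev/null
    fi
}

# Wait until PID $1 has exec'd grep, then print the argument list that any
# local user could read for it.
grep_args() {
    i=0
    while [ "$i" -lt 50 ]; do
        case $(proc_field "$1" comm) in
            *grep) proc_field "$1" args; return 0 ;;
        esac
        i=$((i + 1)); sleep 0.1
    done
    return 1
}

# Start a grep that blocks on an empty FIFO and print "leaked" or "hidden".
# $1 = argv (pattern on the command line) or file (pattern in a 0600 file).
leaks_via_ps() {
    dir=$(mktemp -d) || return 2
    mkfifo "$dir/in"
    ( umask 077; printf '%s\n' "$SECRET" > "$dir/pat" )
    if [ "$1" = argv ]; then
        grep -F -- "$SECRET" "$dir/in" >/dev/null 2>&1 &
    else
        grep -F -f "$dir/pat" "$dir/in" >/dev/null 2>&1 &
    fi
    pid=$!
    seen=$(grep_args "$pid") || true
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    rm -rf "$dir"
    case $seen in *"$SECRET"*) echo leaked ;; *) echo hidden ;; esac
}

printf 'pattern as argument: %s\n' "$(leaks_via_ps argv)"
printf 'pattern via -f file: %s\n' "$(leaks_via_ps file)"
```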