Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!emory!gatech!prism!mailer.cc.fsu.edu!nu!boyd From: boyd@nu.cs.fsu.edu (Mickey Boyd) Newsgroups: comp.unix.admin Subject: Re: Kmem security (was: Re: How do you make your UNIX crash ???) Message-ID: <1991Apr8.213109.1949@mailer.cc.fsu.edu> Date: 9 Apr 91 01:59:57 GMT References: <1991Mar12.132003.27383@cs.widener.edu> <1991Mar24.203327.18426@ttank.ttank.com> <638@minya.UUCP> Reply-To: boyd@nu.cs.fsu.edu Distribution: usa Organization: Florida State Universiy Computer Science Department Lines: 31 In article <638@minya.UUCP>, jc@minya.UUCP (John Chambers) writes: > >> Safer would be: >> strings /dev/kmem | tr ' ' '^J' | sort -u | more >> and do a /rootpassword > >OK; that didn't crash the system; I just got a few random-looking strings, >followed by:: > /rootpassword: Command not found. >What was it supposed to do? Maybe I'm not a real Unix hacker, after >all; I haven't even heard of a "rootpassword" command. Am I missing >something good? I also looked around on some of the BSD and Ultrix >systems at work, and there was nothing called "rootpassword" anywhere >in any of their filesystems. > This was to invoke a search for the string "rootpassword" in more. It is not a standalone command, it is a modifier within more. It could be argued that it is one of the more useful features of more. My question is why the string "rootpassword" would be anywhere (perhaps the poster intended for the real root password to be substituted, just to show how easy it can be found. A potential intruder would have to try all the strings found, but this is still a drastically reduced searchspace). -- ---------------------------------+------------------------------------- Mickey R. Boyd | "Kirk to Enterprise. All clear FSU Computer Science | down here. Beam down Technical Support Group | yeoman Rand and a six-pack . ." email: boyd@fsucs.cs.fsu.edu | ---------------------------------+-------------------------------------